
Slow Computer


37 replies to this topic

#1 gossipgirl


Posted 18 December 2007 - 08:25 PM

Hi everyone. My computer was running slowly yesterday, so I ran an Ad-Aware scan for the first time in a while. It found a few processes, registry scans and modules, so I was worried. It deleted all of them except for this one thing (some sort of Trojan, I think it was?). Today I ran another scan and nothing came up except for some cookies, but it was still running slowly. Shortly after that, I started getting some popups, so I disconnected the internet and ran Super AntiSpyware. There are no popups now but I still feel like there's a problem - I'm not sure though. If someone could just take a quick look at my log to see if there are any problems, thanks a lot!!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:23 PM, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: {ce44214a-24d9-d8ba-dd24-2522e0ca6b65} - {56b6ac0e-2252-42dd-ab8d-9d42a41244ec} - C:\WINDOWS\system32\ixkhxsad.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} - C:\WINDOWS\system32\mljjgda.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 207.164.234.129
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljjgda - C:\WINDOWS\SYSTEM32\mljjgda.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6950 bytes



#2 Demon Cleaner


Posted 29 December 2007 - 02:39 PM

Hi gossipgirl

I will be helping you with your problems.

Please post a fresh Hijackthis log in a reply to this post.

DC

#3 gossipgirl


Posted 02 January 2008 - 10:16 PM

Thank you! Here's my new log. Also, my computer seems to be running fine, but whenever I run a scan with Ad-Aware, it comes up with some sort of virus thing. I always remove it, but it always comes back. Hm.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:21 PM, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C0A88961-15FC-527A-DA5B-30E678F75EE6} - C:\WINDOWS\system32\qhehgtc.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 207.164.234.129
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljjgda - mljjgda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5850 bytes

Edited by gossipgirl, 02 January 2008 - 11:38 PM.


#4 Demon Cleaner


Posted 03 January 2008 - 10:21 AM

Hi gossipgirl

"whenever I run a scan with Ad-Aware, it comes up with some sort of virus thing. I always remove it, but it always comes back."


Could you tell me more about the virus Ad-Aware is detecting?

*** Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


DC

#5 gossipgirl


Posted 06 January 2008 - 08:22 PM

I'm attaching a picture of what Ad-aware always finds.

Or here's a text version: Win32.Trojan.BHO and something called Clickspring


#6 gossipgirl


Posted 06 January 2008 - 08:43 PM

ComboFix 08-01-04.1 - Gwen 2008-01-06 20:32:04.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.336 [GMT -5:00]
Running from: C:\Documents and Settings\Gwen\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Georgia\Application Data\ASKS~1
C:\Documents and Settings\Georgia\Application Data\MANTEC~1
C:\Documents and Settings\Georgia\My Documents\FNTS~1
C:\Documents and Settings\Georgia\My Documents\PPATCH~1
C:\Documents and Settings\Georgia\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Georgia\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Georgia\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\crosof~1
C:\Program Files\crosof~1\??crosoft\
C:\Program Files\crosof~1\svchost.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\crosof~1.net
C:\WINDOWS\racle~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\prutv.ini
C:\WINDOWS\SYSTEM32\prutv.ini2
C:\WINDOWS\system32\rumxsu.dll
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\SYSTEM32\wvvwa.ini
C:\WINDOWS\SYSTEM32\wvvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-02 22:53 . 2003-06-11 18:09 16,896 --a------ C:\WINDOWS\SYSTEM32\grwinsthlp.exe
2007-12-30 20:49 . 2007-12-30 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 18:29 . 2007-12-31 22:39 <DIR> d-------- C:\Documents and Settings\Georgia\Shared
2007-12-30 18:29 . 2007-12-31 22:32 <DIR> d-------- C:\Documents and Settings\Georgia\Incomplete
2007-12-30 18:28 . 2007-12-31 22:05 <DIR> d-------- C:\Documents and Settings\Georgia\Application Data\LimeWire
2007-12-25 16:53 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2007-12-25 13:25 . 2007-12-25 13:25 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\HP
2007-12-25 12:54 . 2007-12-25 12:54 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 12:53 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-19 16:39 . 2007-12-20 17:40 9,407 --ahs---- C:\WINDOWS\SYSTEM32\mlkkj.ini
2007-12-17 18:54 . 2007-12-20 18:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\ip3
2007-12-17 18:54 . 2007-12-18 20:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\dre1
2007-12-17 18:54 . 2008-01-06 20:35 <DIR> d-------- C:\Temp
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 22:40 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-01-04 20:20 --------- d-----w C:\Program Files\EA GAMES
2008-01-03 04:37 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-03 04:05 --------- d-----w C:\Program Files\AOL 7.0
2008-01-03 03:53 263 ----a-w C:\UnInstall.dat
2008-01-02 00:11 --------- d-----w C:\Program Files\Modem Helper
2008-01-02 00:11 --------- d-----w C:\Program Files\LimeWire
2008-01-02 00:11 --------- d-----w C:\Program Files\Harry Potter SS1
2007-12-31 01:49 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 01:49 --------- d-----w C:\Documents and Settings\Gwen\Application Data\Lavasoft
2007-12-31 01:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 21:49 --------- d-----w C:\Program Files\Nancy Drew
2007-12-25 18:00 --------- d-----w C:\Program Files\QuickTime
2007-12-25 17:58 --------- d-----w C:\Program Files\iTunes
2007-12-25 17:58 --------- d-----w C:\Program Files\iPod
2007-12-21 06:29 --------- d-----w C:\Program Files\SUPERAntiSpyware
2005-05-12 03:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-10-07 20:24 69 ----a-w C:\Documents and Settings\Georgia\Application Data\tvmcwrd.dll
2004-10-07 13:15 225,465 ----a-w C:\Documents and Settings\Chris\Application Data\tvmknwrd.dll
2004-10-07 00:46 225,465 ----a-w C:\Documents and Settings\Georgia\Application Data\tvmknwrd.dll
2004-10-04 21:13 224,644 ----a-w C:\Documents and Settings\Gwen\Application Data\tvmknwrd.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe
----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

----a-w 6,731,312 2007-06-11 09:25:42 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe

----a-w 270,648 2007-06-28 13:14:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2007-12-11 17:10:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 83,608 2007-03-14 07:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 200,704 2003-03-18 17:53:52 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
----a-w 200,704 2003-03-18 17:53:52 C:\Program Files\McAfee.com\Agent\mcagent.exe

----a-w 159,744 2003-08-04 22:25:18 C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe
----a-w 24,080 2007-08-22 23:53:06 C:\Program Files\McAfee.com\Agent\McUpdate.exe

----a-w 122,880 2003-03-21 16:50:32 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe
----a-w 122,880 2003-03-21 16:50:32 C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe

----a-w 159,744 2003-03-21 16:52:12 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 190,024 2006-05-12 21:06:22 C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe

----a-w 53,248 2003-07-02 17:35:45 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe

----a-w 143,360 2003-03-28 22:20:38 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 393,216 2004-10-22 20:13:54 C:\Program Files\NetAssistant\SmartBridge\bak\MotiveSB.exe

----a-w 0 2007-09-14 01:32:46 C:\Program Files\NetAssistant\SmartBridge\bak\log\httpclient.log

----a-w 282,624 2007-04-27 13:41:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-12-11 15:56:54 C:\Program Files\QuickTime\QTTask.exe

----a-w 1,261 2007-09-16 03:15:59 C:\Program Files\Real\RealPlayer\bak\channels.xml
----a-w 1,261 2007-08-19 22:10:29 C:\Program Files\Real\RealPlayer\channels.xml

----a-w 26,112 2003-06-03 01:49:03 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 684,032 2002-12-17 17:28:00 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 684,032 2002-12-17 17:28:00 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

----a-w 364,544 2002-04-20 12:00:22 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPClient.exe
----a-w 364,544 2002-04-20 12:00:22 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe

----a-w 102,400 2002-04-20 12:00:24 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPMon32.exe
----a-w 102,400 2002-04-20 12:00:24 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe

----a-w 15,360 2004-08-04 04:56:50 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 04:56:50 C:\WINDOWS\SYSTEM32\ctfmon.exe

----a-r 28,672 2002-08-14 23:22:52 C:\WINDOWS\SYSTEM32\bak\DSentry.exe
----a-w 28,672 2002-08-14 23:22:52 C:\WINDOWS\SYSTEM32\DSentry.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A88961-15FC-527A-DA5B-30E678F75EE6}]
C:\WINDOWS\system32\qhehgtc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kcm2sppz]
@={DDFDD27F-2D73-1B18-B1F6-05BD6725EB51}

[HKEY_CLASSES_ROOT\CLSID\{DDFDD27F-2D73-1B18-B1F6-05BD6725EB51}]
C:\WINDOWS\system32\kcm2sppz.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe" [2003-08-04 17:25 159744]
"POINTER"="point32.exe" []
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [ ]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2003-06-02 20:48:51]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-12-29 18:29:37]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-06-17 16:00:11]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgda]
mljjgda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 11:35 49152 --a------ C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-10-10 04:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 04:18]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 17:54:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-06-06 20:35:43 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2003-06-06 20:35:43 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2003-06-06 20:35:43 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-07 01:44:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D8VQYV21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-07 01:40:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Chris).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-07 01:42:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Georgia).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-07 01:41:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Gwen).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-07 01:42:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Yvonne).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent.YvonneYMcAfee SecurityCenter periodically checks for updates for your McAfee Security Services.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 20:38:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 20:45:08 - machine was rebooted [Gwen]
ComboFix-quarantined-files.txt 2008-01-07 01:45:05

#7 gossipgirl


Posted 06 January 2008 - 08:44 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:00 PM, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DllHost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C0A88961-15FC-527A-DA5B-30E678F75EE6} - C:\WINDOWS\system32\qhehgtc.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 207.164.234.129
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljjgda - mljjgda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5988 bytes

#8 Demon Cleaner


Posted 07 January 2008 - 12:05 PM

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans have been identified and can be killed, because of their backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on internet theft and when to reformat!

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before you come to a final decision, please feel free to ask.

If you do decide to be cleaned please post another Hijackthis log in your reply.

Let me know your decision, until then don't do anything other than instructed above!

DC

#9 gossipgirl


Posted 08 January 2008 - 11:14 PM

:blink: Omg... This sucks. The last time I was having problems with spyware, someone here told me the same thing, but they managed to fix it. Well, no one in my family does online banking or anything like that, so there's no passwords that could lead to major problems if they were hacked, thank goodness. I think that I'd like you to try to clean my computer for me, so that I don't have to reformat. :thumbsup: Here's my new log. Thanks again!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:18 PM, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {C0A88961-15FC-527A-DA5B-30E678F75EE6} - C:\WINDOWS\system32\qhehgtc.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 207.164.234.193 207.164.234.129
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljjgda - mljjgda.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6001 bytes

#10 Demon Cleaner


Posted 09 January 2008 - 02:06 PM

Hi gossipgirl

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\grwinsthlp.exe
C:\WINDOWS\SYSTEM32\mlkkj.ini
C:\WINDOWS\system32\qhehgtc.dll
C:\WINDOWS\system32\mljjgda.dll
C:\WINDOWS\system32\kcm2sppz.dll

Folder::
C:\WINDOWS\SYSTEM32\ip3
C:\WINDOWS\SYSTEM32\dre1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0A88961-15FC-527A-DA5B-30E678F75EE6}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgda]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\kcm2sppz]
[-HKEY_CLASSES_ROOT\CLSID\{DDFDD27F-2D73-1B18-B1F6-05BD6725EB51}]


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will start Combofix

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




DC

#11 gossipgirl


Posted 09 January 2008 - 10:21 PM

ComboFix 08-01-04.1 - Gwen 2008-01-09 22:16:04.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.475 [GMT -5:00]
Running from: C:\Documents and Settings\Gwen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gwen\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\grwinsthlp.exe
C:\WINDOWS\system32\kcm2sppz.dll
C:\WINDOWS\system32\mljjgda.dll
C:\WINDOWS\SYSTEM32\mlkkj.ini
C:\WINDOWS\system32\qhehgtc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\dre1
C:\WINDOWS\SYSTEM32\grwinsthlp.exe
C:\WINDOWS\SYSTEM32\ip3
C:\WINDOWS\SYSTEM32\mlkkj.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2007-12-30 20:49 . 2007-12-30 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 18:29 . 2007-12-31 22:39 <DIR> d-------- C:\Documents and Settings\Georgia\Shared
2007-12-30 18:29 . 2007-12-31 22:32 <DIR> d-------- C:\Documents and Settings\Georgia\Incomplete
2007-12-30 18:28 . 2007-12-31 22:05 <DIR> d-------- C:\Documents and Settings\Georgia\Application Data\LimeWire
2007-12-25 16:53 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\SYSTEM32\d3dx9_33.dll
2007-12-25 13:25 . 2007-12-25 13:25 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\HP
2007-12-25 12:54 . 2007-12-25 12:54 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 12:53 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-17 18:54 . 2008-01-06 20:35 <DIR> d-------- C:\Temp
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 21:27 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-01-04 20:20 --------- d-----w C:\Program Files\EA GAMES
2008-01-03 04:37 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-03 04:05 --------- d-----w C:\Program Files\AOL 7.0
2008-01-03 03:53 263 ----a-w C:\UnInstall.dat
2008-01-02 00:11 --------- d-----w C:\Program Files\Modem Helper
2008-01-02 00:11 --------- d-----w C:\Program Files\LimeWire
2008-01-02 00:11 --------- d-----w C:\Program Files\Harry Potter SS1
2007-12-31 01:49 --------- d-----w C:\Program Files\Lavasoft
2007-12-31 01:49 --------- d-----w C:\Documents and Settings\Gwen\Application Data\Lavasoft
2007-12-31 01:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 21:49 --------- d-----w C:\Program Files\Nancy Drew
2007-12-25 18:00 --------- d-----w C:\Program Files\QuickTime
2007-12-25 17:58 --------- d-----w C:\Program Files\iTunes
2007-12-25 17:58 --------- d-----w C:\Program Files\iPod
2007-12-21 06:29 --------- d-----w C:\Program Files\SUPERAntiSpyware
2005-05-12 03:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-10-07 20:24 69 ----a-w C:\Documents and Settings\Georgia\Application Data\tvmcwrd.dll
2004-10-07 13:15 225,465 ----a-w C:\Documents and Settings\Chris\Application Data\tvmknwrd.dll
2004-10-07 00:46 225,465 ----a-w C:\Documents and Settings\Georgia\Application Data\tvmknwrd.dll
2004-10-04 21:13 224,644 ----a-w C:\Documents and Settings\Gwen\Application Data\tvmknwrd.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe
----a-w 135,264 2002-04-03 06:01:00 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

----a-w 6,731,312 2007-06-11 09:25:42 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe

----a-w 270,648 2007-06-28 13:14:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2007-12-11 17:10:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 83,608 2007-03-14 07:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 200,704 2003-03-18 17:53:52 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
----a-w 200,704 2003-03-18 17:53:52 C:\Program Files\McAfee.com\Agent\mcagent.exe

----a-w 159,744 2003-08-04 22:25:18 C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe
----a-w 24,080 2007-08-22 23:53:06 C:\Program Files\McAfee.com\Agent\McUpdate.exe

----a-w 122,880 2003-03-21 16:50:32 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe
----a-w 122,880 2003-03-21 16:50:32 C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe

----a-w 159,744 2003-03-21 16:52:12 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 190,024 2006-05-12 21:06:22 C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe

----a-w 53,248 2003-07-02 17:35:45 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe

----a-w 143,360 2003-03-28 22:20:38 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 393,216 2004-10-22 20:13:54 C:\Program Files\NetAssistant\SmartBridge\bak\MotiveSB.exe

----a-w 0 2007-09-14 01:32:46 C:\Program Files\NetAssistant\SmartBridge\bak\log\httpclient.log

----a-w 282,624 2007-04-27 13:41:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-12-11 15:56:54 C:\Program Files\QuickTime\QTTask.exe

----a-w 1,261 2007-09-16 03:15:59 C:\Program Files\Real\RealPlayer\bak\channels.xml
----a-w 1,261 2007-08-19 22:10:29 C:\Program Files\Real\RealPlayer\channels.xml

----a-w 26,112 2003-06-03 01:49:03 C:\Program Files\Real\RealPlayer\bak\RealPlay.exe

----a-w 684,032 2002-12-17 17:28:00 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 684,032 2002-12-17 17:28:00 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

----a-w 364,544 2002-04-20 12:00:22 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPClient.exe
----a-w 364,544 2002-04-20 12:00:22 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe

----a-w 102,400 2002-04-20 12:00:24 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPMon32.exe
----a-w 102,400 2002-04-20 12:00:24 C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe

----a-w 15,360 2004-08-04 04:56:50 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 04:56:50 C:\WINDOWS\SYSTEM32\ctfmon.exe

----a-r 28,672 2002-08-14 23:22:52 C:\WINDOWS\SYSTEM32\bak\DSentry.exe
----a-w 28,672 2002-08-14 23:22:52 C:\WINDOWS\SYSTEM32\DSentry.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe" [2003-08-04 17:25 159744]
"POINTER"="point32.exe" []
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [ ]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2003-06-02 20:48:51]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-12-29 18:29:37]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-06-17 16:00:11]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 11:35 49152 --a------ C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-10-10 04:18]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 04:18]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 17:54:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-06-06 20:35:43 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2003-06-06 20:35:43 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2003-06-06 20:35:43 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-10 03:19:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D8VQYV21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-10 03:20:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Chris).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-10 03:22:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Georgia).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-10 03:21:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Gwen).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-10 03:22:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D-Yvonne).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent.YvonneYMcAfee SecurityCenter periodically checks for updates for your McAfee Security Services.
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 22:23:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 22:23:55
ComboFix-quarantined-files.txt 2008-01-10 03:23:41
ComboFix2.txt 2008-01-07 01:45:08

#12 Demon Cleaner


Posted 10 January 2008 - 02:36 AM

Hi gossipgirl

Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

DC

#13 gossipgirl


Posted 11 January 2008 - 10:29 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: 11/01/2008
The current time is: 22:25:34.10


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

28/06/2007 08:14 AM 270,648 iTunesHelper.exe
1 File(s) 270,648 bytes

Directory of C:\PROGRA~1\MESSEN~3\BAK

12/05/2006 04:06 PM 190,024 MsgPlus.exe
1 File(s) 190,024 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

27/04/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

03/08/2004 11:56 PM 15,360 ctfmon.exe
14/08/2002 06:22 PM 28,672 DSentry.exe
2 File(s) 44,032 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

11/06/2007 04:25 AM 6,731,312 avgas.exe
1 File(s) 6,731,312 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

18/03/2003 12:53 PM 200,704 mcagent.exe
04/08/2003 05:25 PM 159,744 McUpdate.exe
2 File(s) 360,448 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

21/03/2003 11:50 AM 122,880 mcmnhdlr.exe
21/03/2003 11:52 AM 159,744 mcvsshld.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

28/03/2003 05:20 PM 143,360 mm_tray.exe
02/07/2003 12:35 PM 53,248 mmtask.exe
2 File(s) 196,608 bytes

Directory of C:\PROGRA~1\NETASS~1\SMARTB~1\BAK

22/10/2004 03:13 PM 393,216 MotiveSB.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

15/09/2007 10:15 PM 1,261 channels.xml
02/06/2003 08:49 PM 26,112 RealPlay.exe
2 File(s) 27,373 bytes

Directory of C:\PROGRA~1\CREATIVE\SBLIVE\DIAGNO~1\BAK

03/04/2002 01:01 AM 135,264 diagent.exe
1 File(s) 135,264 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

14/03/2007 02:43 AM 83,608 jusched.exe
1 File(s) 83,608 bytes


17/12/2002 12:28 PM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\VISUAL~1\VISUAL~1\SYMPAT~1\BAK

20/04/2002 07:00 AM 364,544 IPClient.exe
20/04/2002 07:00 AM 102,400 IPMon32.exe
2 File(s) 466,944 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Dec 11 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 25 2007 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
190024 May 12 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
200704 Mar 18 2003 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
200704 Mar 18 2003 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
24080 Aug 22 2007 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
159744 Aug 4 2003 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
122880 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
122880 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
159744 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
53248 Jul 2 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
143360 Mar 28 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
393216 Oct 22 2004 "C:\Program Files\NetAssistant\SmartBridge\bak\MotiveSB.exe"
393216 Oct 22 2004 "C:\Program Files\NetAssistant\SmartBridge\Original\MotiveSB.exe"
480 Mar 6 2007 "C:\Program Files\NetAssistant\SmartBridge\log\httpclient.log"
0 Sep 13 2007 "C:\Program Files\NetAssistant\SmartBridge\bak\log\httpclient.log"
1261 Aug 19 2007 "C:\Program Files\Real\RealPlayer\channels.xml"
1261 Sep 15 2007 "C:\Program Files\Real\RealPlayer\bak\channels.xml"
26112 Jun 2 2003 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
364544 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe"
364544 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPClient.exe"
102400 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
102400 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPMon32.exe"


end of report

#14 Demon Cleaner

Demon Cleaner

  • Members
  • 1,383 posts
  • Gender:Male
  • Location:Chester uk
  • Local time:09:26 AM

Posted 13 January 2008 - 10:15 AM

Hi gossipgirl

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the steps below:

Copy the file paths in the quote below to the clipboard: highlight all of them, right-click and choose Copy, or highlight them and press Ctrl+C:

"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
"C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
"C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
"C:\Program Files\NetAssistant\SmartBridge\bak\log\httpclient.log"
"C:\Program Files\Real\RealPlayer\bak\channels.xml"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 2, then press Enter.
Press any key to continue.
A Notepad document files.txt will appear with instructions to click below the line and paste the list of files to be restored.
Right click below the line and paste the list of files that were copied to the clipboard (Ctrl+V).
Close Notepad and you will receive a prompt to save the changes; click Yes.
The program will proceed with working.
It may take a few minutes to complete, so be patient.
When the scan is finished, it will open a text file in Notepad called AWF.txt.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

DC
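The pattern described in the post above (the original moved into a "bak" folder, a different file left in its place) appears in the FindAWF "Duplicate files" listing as a bak entry whose counterpart outside the bak folder is missing or differs. The triage sketch below is an added example, not part of the thread or of FindAWF; its sample lines are copied from the earlier report in this thread, and the comparison rules (size, then date) are an assumption about what deserves review, not FindAWF's own logic.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "size date path")

# Lines copied from the "Duplicate files of bak directory contents"
# section of the earlier FindAWF report in this thread.
REPORT = r'''
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
24080 Aug 22 2007 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
159744 Aug 4 2003 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
1261 Aug 19 2007 "C:\Program Files\Real\RealPlayer\channels.xml"
1261 Sep 15 2007 "C:\Program Files\Real\RealPlayer\bak\channels.xml"
'''

# <size> <Mon D YYYY> "<full path>"
LINE = re.compile(r'^(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')

def parse(report):
    """Return an Entry for every well-formed listing line; skip the rest."""
    entries = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            date = " ".join(m.group(2).split())  # normalise spacing
            entries.append(Entry(int(m.group(1)), date, m.group(3)))
    return entries

def triage(report):
    """Pair each file under a bak folder with the same path minus 'bak'."""
    entries = parse(report)
    by_path = {e.path.lower(): e for e in entries}  # Windows paths ignore case
    findings = []
    for e in entries:
        parts = e.path.lower().split("\\")
        bak_dirs = [i for i, p in enumerate(parts[:-1]) if p == "bak"]
        if not bak_dirs:
            continue  # not a backup copy
        idx = bak_dirs[-1]  # bak may sit above a subfolder, e.g. bak\log\
        live = by_path.get("\\".join(parts[:idx] + parts[idx + 1:]))
        if live is None:
            status = "no counterpart listed"
        elif live.size != e.size:
            status = "size differs"
        elif live.date != e.date:
            status = "date differs"
        else:
            status = "match"
        findings.append((e.path, status))
    return findings

if __name__ == "__main__":
    for path, status in triage(REPORT):
        print(f"{status:22} {path}")
```

A "match" only means the listed size and date agree; comparing hashes of the two files is the stronger check.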

#15 gossipgirl

gossipgirl
  • Topic Starter

  • Members
  • 137 posts
  • Local time:04:26 AM

Posted 13 January 2008 - 03:34 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: 13/01/2008
The current time is: 15:30:21.34


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

28/06/2007 08:14 AM 270,648 iTunesHelper.exe
1 File(s) 270,648 bytes

Directory of C:\PROGRA~1\MESSEN~3\BAK

12/05/2006 04:06 PM 190,024 MsgPlus.exe
1 File(s) 190,024 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

27/04/2007 08:41 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

03/08/2004 11:56 PM 15,360 ctfmon.exe
14/08/2002 06:22 PM 28,672 DSentry.exe
2 File(s) 44,032 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGANT~1.5\BAK

11/06/2007 04:25 AM 6,731,312 avgas.exe
1 File(s) 6,731,312 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

18/03/2003 12:53 PM 200,704 mcagent.exe
04/08/2003 05:25 PM 159,744 McUpdate.exe
2 File(s) 360,448 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

21/03/2003 11:50 AM 122,880 mcmnhdlr.exe
21/03/2003 11:52 AM 159,744 mcvsshld.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

28/03/2003 05:20 PM 143,360 mm_tray.exe
02/07/2003 12:35 PM 53,248 mmtask.exe
2 File(s) 196,608 bytes

Directory of C:\PROGRA~1\NETASS~1\SMARTB~1\BAK

22/10/2004 03:13 PM 393,216 MotiveSB.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

15/09/2007 10:15 PM 1,261 channels.xml
02/06/2003 08:49 PM 26,112 RealPlay.exe
2 File(s) 27,373 bytes

Directory of C:\PROGRA~1\CREATIVE\SBLIVE\DIAGNO~1\BAK

03/04/2002 01:01 AM 135,264 diagent.exe
1 File(s) 135,264 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

14/03/2007 02:43 AM 83,608 jusched.exe
1 File(s) 83,608 bytes


17/12/2002 12:28 PM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\VISUAL~1\VISUAL~1\SYMPAT~1\BAK

20/04/2002 07:00 AM 364,544 IPClient.exe
20/04/2002 07:00 AM 102,400 IPMon32.exe
2 File(s) 466,944 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

270648 Jun 28 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
270648 Jun 28 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 25 2007 "C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe"
116008 Dec 11 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
190024 May 12 2006 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
190024 May 12 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Apr 27 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
6731312 Jun 11 2007 "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe"
200704 Mar 18 2003 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
200704 Mar 18 2003 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
159744 Aug 4 2003 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
159744 Aug 4 2003 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
122880 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
122880 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
159744 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
159744 Mar 21 2003 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
53248 Jul 2 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
53248 Jul 2 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
143360 Mar 28 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
143360 Mar 28 2003 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
393216 Oct 22 2004 "C:\Program Files\NetAssistant\SmartBridge\bak\MotiveSB.exe"
393216 Oct 22 2004 "C:\Program Files\NetAssistant\SmartBridge\Original\MotiveSB.exe"
0 Sep 13 2007 "C:\Program Files\NetAssistant\SmartBridge\log\httpclient.log"
0 Sep 13 2007 "C:\Program Files\NetAssistant\SmartBridge\bak\log\httpclient.log"
1261 Sep 15 2007 "C:\Program Files\Real\RealPlayer\channels.xml"
1261 Sep 15 2007 "C:\Program Files\Real\RealPlayer\bak\channels.xml"
26112 Jun 2 2003 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Jun 2 2003 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
364544 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe"
364544 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPClient.exe"
102400 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
102400 Apr 20 2002 "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\bak\IPMon32.exe"


end of report



