Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help


  • This topic is locked This topic is locked
20 replies to this topic

#1 crzywhteboy1

crzywhteboy1

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 17 September 2008 - 06:54 PM

here is my log i have tried everything to fix this.any help would do thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:18 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MPBarOpener Class - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - C:\Program Files\Mpire\Mpire Plugin\MPBand.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ICTC] E:\Setup.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Wedding Dash\Images\stg_drm.ocx
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 5326 bytes

BC AdBot (Login to Remove)

 


#2 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 23 September 2008 - 11:17 AM

Well...thought I had this fixed but apparantly not. Any help would be appreciated!!

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:13 AM

Posted 29 September 2008 - 08:12 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#4 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 29 September 2008 - 11:14 AM

I still need help with this problem do you need me to repost my logs?

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:13 AM

Posted 30 September 2008 - 11:02 AM

Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#6 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 04 October 2008 - 01:49 AM

Sorry for taking a while to respond.Mozilla firefox has went to hell,for some reason everytime i click on it it starts downloading as a text document.Then if i click on the download it takes me to my homepage.Any site i click on it starts a download and wont take me to the site until i click on the downloaded text document,so i deleted mozilla and tried to reinstall it and the problem is still there.I have to go to the start menu then search,then i click search the internet.That is how i get online now.my computer is extremely slow now also.Just thought you should know about these new problems.Thank you for being patient. Here is my malware and my new hijack this log.



Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 5.1.2600 Service Pack 2

10/4/2008 1:48:04 AM
mbam-log-2008-10-04 (01-48-04).txt

Scan type: Quick Scan
Objects scanned: 40464
Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:48 AM, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MPBarOpener Class - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - C:\Program Files\Mpire\Mpire Plugin\MPBand.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ICTC] E:\Setup.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Wedding Dash\Images\stg_drm.ocx
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 5396 bytes

#7 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 04 October 2008 - 08:04 AM

should i install mozilla again so that it will be fixed also?

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:13 AM

Posted 04 October 2008 - 03:45 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ICTC] E:\Setup.exe

Reboot your computer and post a new log.

As for Mozilla, I would reinstall it .

#9 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 05 October 2008 - 10:43 PM

I reinstalled mozilla after doing all of the above and it is still making text documents to get me onto websites.There is a new file on my desktop labled backups do i need to leave that on there for now?I can not thank you enough for all your help. here is my new log




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:09 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MPBarOpener Class - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - C:\Program Files\Mpire\Mpire Plugin\MPBand.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Wedding Dash\Images\stg_drm.ocx
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 6104 bytes

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:13 AM

Posted 06 October 2008 - 08:47 AM

Leave the backups folder for now.

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#11 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 06 October 2008 - 07:22 PM

ComboFix 08-10-06.05 - HP_Owner 2008-10-06 18:50:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.61 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\HP_Owner\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\HP_Owner\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\Program Files\SoftwareOnline
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\test.txt
C:\WINDOWS\system32\bszip.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-05 22:59 . 2007-10-27 16:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-04 04:12 . 2008-10-04 04:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-04 02:01 . 2008-10-04 02:01 <DIR> d-------- C:\sUBs
2008-09-30 20:31 . 2008-09-30 20:31 <DIR> d--hs---- C:\Documents and Settings\HP_Owner\PrivacIE
2008-09-30 20:13 . 2008-09-30 20:14 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-30 20:09 . 2008-09-30 20:09 <DIR> d-------- C:\aab4c459cf993d16cd5729
2008-09-30 16:56 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-24 22:28 . 2008-09-30 20:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 20:31 . 2008-09-25 03:58 <DIR> d-------- C:\WINDOWS\EHome
2008-09-06 06:10 . 2008-09-06 06:10 <DIR> d-------- C:\Program Files\CONEXANT
2008-09-06 05:16 . 2008-09-06 05:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 05:16 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 05:16 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-21 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 11:06 --------- d-----w C:\Program Files\Yahoo!
2008-09-06 10:44 --------- d-----w C:\Program Files\MySpace
2008-09-05 23:39 --------- d-----w C:\Program Files\Google
2008-09-04 01:49 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-04 01:49 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-09-03 00:43 --------- d-----w C:\Program Files\Java
2008-08-31 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-29 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-29 17:06 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-08-29 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 08:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-22 08:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-22 08:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-22 08:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 08:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-22 08:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 08:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 08:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 08:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-22 08:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-22 08:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-22 08:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 08:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 08:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 08:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 08:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-22 08:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 08:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 08:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 07:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-22 07:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-22 07:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-19 01:57 --------- d-----w C:\Program Files\LimeWire
2008-08-09 16:11 --------- d-----w C:\Program Files\PlayFirst
2008-08-05 22:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-03-10 12:11 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-01-19 22:02 0 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD66659-A7AF-4641-9999-C56607D3A0AB}]
2007-09-13 01:54 86016 --a------ C:\Program Files\Mpire\Mpire Plugin\MPBand.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-08-15 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-12-26 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= nsvideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16082:TCP"= 16082:TCP:listening port

R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]
S0 pcimfmmw;pcimfmmw;C:\WINDOWS\system32\drivers\kweflazc.dat [ ]
S3 gwiopm;gwiopm;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for SkyMax2.2.zip\gwiopm.sys [ ]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 14095]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CE5AE67-1A8B-4420-9D29-3F73155D2E3C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-YSearchProtection - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\7jidx828.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 18:55:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pcimfmmw]
"ImagePath"="system32\drivers\kweflazc.dat"
.
Completion time: 2008-10-06 18:58:57
ComboFix-quarantined-files.txt 2008-10-06 23:58:48

Pre-Run: 76,304,146,432 bytes free
Post-Run: 77,364,629,504 bytes free

172 --- E O F --- 2008-09-25 09:02:59


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:09 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MPBarOpener Class - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - C:\Program Files\Mpire\Mpire Plugin\MPBand.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Wedding Dash\Images\stg_drm.ocx
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 4886 bytes

#12 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 06 October 2008 - 07:24 PM

I cannot get firefox to work.It is still downloading as text.Computer performance seems to be much better though.any suggestions as far as firefox?

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:13 AM

Posted 07 October 2008 - 12:02 PM

Found something:

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Rootkit::
C:\WINDOWS\system32\drivers\kweflazc.dat
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for SkyMax2.2.zip\gwiopm.sys

Driver::
pcimfmmw
gwiopm


Save this as the txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#14 crzywhteboy1

crzywhteboy1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 07 October 2008 - 05:27 PM

ComboFix 08-10-07.03 - HP_Owner 2008-10-07 16:25:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.38 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\test.txt
C:\WINDOWS\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCIMFMMW
-------\Service_gwiopm
-------\Service_pcimfmmw


((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-06 20:09 . 2008-10-06 20:09 <DIR> d-------- C:\Program Files\Avira
2008-10-06 20:09 . 2008-10-06 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-05 22:59 . 2007-10-27 16:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-04 04:12 . 2008-10-04 04:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-04 02:01 . 2008-10-04 02:01 <DIR> d-------- C:\sUBs
2008-09-30 20:31 . 2008-09-30 20:31 <DIR> d--hs---- C:\Documents and Settings\HP_Owner\PrivacIE
2008-09-30 20:13 . 2008-09-30 20:14 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-30 20:09 . 2008-09-30 20:09 <DIR> d-------- C:\aab4c459cf993d16cd5729
2008-09-30 16:56 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-09-24 22:28 . 2008-09-30 20:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-07 20:31 . 2008-09-25 03:58 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-21 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 11:10 --------- d-----w C:\Program Files\CONEXANT
2008-09-06 11:06 --------- d-----w C:\Program Files\Yahoo!
2008-09-06 10:44 --------- d-----w C:\Program Files\MySpace
2008-09-06 10:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 23:39 --------- d-----w C:\Program Files\Google
2008-09-04 01:49 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-09-04 01:49 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-09-03 00:43 --------- d-----w C:\Program Files\Java
2008-09-02 05:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-02 05:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-31 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-29 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-29 17:06 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-08-29 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 08:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-22 08:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-22 08:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-22 08:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 08:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-22 08:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 08:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 08:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 08:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-22 08:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-22 08:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-22 08:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 08:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 08:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 08:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 08:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-22 08:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 08:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 08:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 07:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-22 07:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-22 07:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-19 01:57 --------- d-----w C:\Program Files\LimeWire
2008-08-09 16:11 --------- d-----w C:\Program Files\PlayFirst
2008-08-05 22:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-03-10 12:11 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-01-19 22:02 0 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-06_18.58.20.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-05-09 18:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 23:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 20:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 15:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FD66659-A7AF-4641-9999-C56607D3A0AB}]
2007-09-13 01:54 86016 --a------ C:\Program Files\Mpire\Mpire Plugin\MPBand.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-08-15 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-12-26 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= nsvideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16082:TCP"= 16082:TCP:listening port

R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 14095]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CE5AE67-1A8B-4420-9D29-3F73155D2E3C}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 03:05]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 16:40:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\WUSB300N_I1.gif 10234 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
.
**************************************************************************
.
Completion time: 2008-10-07 16:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 21:49:34
ComboFix2.txt 2008-10-06 23:58:59

Pre-Run: 77,143,715,840 bytes free
Post-Run: 77,148,127,232 bytes free

179 --- E O F --- 2008-09-25 09:02:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:19 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MPBarOpener Class - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - C:\Program Files\Mpire\Mpire Plugin\MPBand.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Wedding Dash\Images\stg_drm.ocx
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://cafecam.heerenvanbeijerland.nl/activex/AMC.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 5543 bytes


firefox still shot had to uninstall to get back on here.

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:13 AM

Posted 08 October 2008 - 09:36 AM

What I saw is now gone. Did reinstalling firefox fix that problem?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users