
Need Help, Infected With Oinadserver


  • This topic is locked
15 replies to this topic

#1 Generand

Generand

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 17 September 2006 - 04:12 PM

Hi, I've done as much preparation as I know how. I have been infected with oinadserver. I also get the "server busy" screen that doesn't go away. I am posting my HJT log. Thanks in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 4:06:23 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\MSC\McLogCln.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
G:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {183FD617-33F3-6D0F-A4DE-1343C46BA49E} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xrrrilv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [McLogLch_exe] "C:\Program Files\McAfee\MSC\McLogLch.exe"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Generand\LOCALS~1\Temp\{39277182-0CB1-4131-82A4-879709811351}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Fhtg] "C:\Program Files\Common Files\??crosoft\winlogon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\SSTEM3~1\taskmgr.exe" -vt ndrv
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141353034375
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CWShredder Service - Unknown owner - c:\program files\InterMute\SpySubtract\CWShredder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - G:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
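As an added example (not code from this thread or from the HijackThis project), the following Python script parses HijackThis v1.99.1 log lines of the kind posted above and flags the entries a helper would look at first: the extra executable chained onto UserInit in the F2 line, system binary names (winlogon.exe, taskmgr.exe) launched from folders outside C:\WINDOWS, paths containing unprintable characters, programs started from a Temp folder, and orphaned or blank entries. The sample lines are copied from the log above; the heuristics, the helper names and the list of expected folders are the example's own assumptions, not HijackThis logic.

```python
"""Flag suspicious entries in a HijackThis v1.99.1 log (added example, not HJT code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied verbatim from the HJT log posted above (the page's own data).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {183FD617-33F3-6D0F-A4DE-1343C46BA49E} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xrrrilv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Generand\LOCALS~1\Temp\{39277182-0CB1-4131-82A4-879709811351}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fhtg] "C:\Program Files\Common Files\??crosoft\winlogon.exe"
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\SSTEM3~1\taskmgr.exe" -vt ndrv
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - (no CLSID) - (no file)
"""

# Every HJT entry starts with a section code (R0-R3, F0-F3, O1-O24), a dash, then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# First Windows path in a body, quoted or not, ending in a module extension.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys))"?', re.IGNORECASE)

# Assumption for this example: on Windows XP these binaries ship only in these folders.
SYSTEM_BINARIES = {"winlogon.exe", "taskmgr.exe", "svchost.exe", "userinit.exe",
                   "lsass.exe", "services.exe", "smss.exe", "explorer.exe"}
EXPECTED_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system"}


@dataclass(frozen=True)
class Finding:
    kind: str    # HJT section code, e.g. "O4"
    reason: str  # why the entry was flagged
    line: str    # the original log line


def extract_path(body: str) -> Optional[str]:
    """Return the first file path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def path_reasons(path: str) -> List[str]:
    """Heuristics applied to a single file path."""
    reasons = []
    folder, _, name = path.rpartition("\\")
    lower = folder.lower()
    if "?" in path or any(ord(c) > 127 for c in path):
        reasons.append("unprintable or non-ASCII characters in path (look-alike folder name)")
    if name.lower() in SYSTEM_BINARIES and lower not in EXPECTED_DIRS:
        reasons.append(f"{name} running from unexpected folder {folder}")
    if "\\temp\\" in lower + "\\":
        reasons.append("program launched from a Temp folder")
    return reasons


def analyse(log_text: str) -> List[Finding]:
    """Walk the log and collect one Finding per suspicious trait."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        kind, body = m["kind"], m["body"]
        if kind == "F2" and "UserInit=" in body:
            # Only userinit.exe belongs here; anything after the comma runs at every logon.
            progs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            if len(progs) > 1:
                findings.append(Finding(kind, "extra program chained onto UserInit: "
                                        + ", ".join(progs[1:]), raw))
        if kind == "O16" and body.rstrip().endswith("-"):
            findings.append(Finding(kind, "ActiveX download entry with no description or source URL", raw))
        if "(no file)" in body:
            findings.append(Finding(kind, "orphaned entry pointing at a missing file", raw))
        path = extract_path(body)
        if path:
            findings.extend(Finding(kind, r, raw) for r in path_reasons(path))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

The heuristics are deliberately narrow: a flag means "look at this entry", not "this is malware", and a clean entry such as jusched.exe or ctfmon.exe in its normal location produces nothing. Extending the expected-folder table to other Windows versions is the main change needed before running it on a modern log.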


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:55 AM

Posted 18 September 2006 - 05:26 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double-click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Generand

Generand
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 18 September 2006 - 09:29 PM

Thanks, here's the log after I ran ComboFix.

Generand - 06-09-18 21:20:51.54 Service Pack 2
ComboFix 06.09.14 - Running from: G:\Application Download

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\updrun.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Generand\My Documents\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Generand\My Documents\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\CROSOF~1
C:\QooBox\Purity\WINDOWS\SKS~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1\s?stem32


((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))


2006-09-13 18:52 2 --a------ C:\WINDOWS\system32\wapisvtr.exe
2006-09-10 06:45 927 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-10 06:43 205 --a------ C:\WINDOWS\vhaqp.dll
2006-09-10 06:38 73,728 --a------ C:\WINDOWS\appupdate.exe
2006-09-03 01:45 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-03 01:14 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-03 01:14 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-03 01:14 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-03 01:14 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-03 01:14 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-03 01:12 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2006-09-03 01:07 16,384 --a------ C:\WINDOWS\system32\lgfwunis.exe
2006-09-03 01:07 102,912 --------- C:\WINDOWS\system32\Vb6stkit.dll
2006-09-03 01:07 102,160 --------- C:\WINDOWS\system32\VB6KO.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-18 21:22 -------- d-------- C:\Program Files\Common Files
2006-09-18 07:31 -------- d-------- C:\Documents and Settings\Generand\Application Data\SiteAdvisor
2006-09-18 02:04 -------- d-------- C:\Program Files\SiteAdvisor
2006-09-17 15:47 -------- d-------- C:\Program Files\Internet Explorer
2006-09-17 15:46 -------- d-------- C:\Documents and Settings\Generand\Application Data\Sun
2006-09-17 15:45 -------- d-------- C:\Program Files\Java
2006-09-17 15:44 -------- d-------- C:\Program Files\Common Files\Java
2006-09-16 20:51 -------- d-------- C:\Program Files\McAfee
2006-09-16 17:58 -------- d-------- C:\Program Files\Common Files\McAfee
2006-09-16 17:21 -------- d-------- C:\Program Files\mcafee.com
2006-09-16 17:13 -------- d-------- C:\Documents and Settings\Generand\Application Data\Google
2006-09-16 07:01 0 --a------ C:\AUTOEXEC.BAT
2006-09-15 21:03 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-09-15 21:03 -------- d-------- C:\Program Files\Symantec
2006-09-15 21:03 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-15 20:41 -------- d-------- C:\Program Files\Google
2006-09-14 23:53 -------- d-------- C:\Documents and Settings\Generand\Application Data\Lavasoft
2006-09-13 19:05 -------- d-------- C:\Program Files\Yahoo!
2006-09-11 12:00 -------- d-------- C:\Program Files\Sony Handheld
2006-09-10 10:09 -------- d-------- C:\Program Files\Common Files\roww
2006-09-10 06:38 -------- d-------- C:\Program Files\Icon Drop
2006-09-03 01:44 -------- d-------- C:\Program Files\CyberLink
2006-09-03 01:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-03 01:14 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-03 01:14 -------- d-------- C:\Program Files\Ahead
2006-08-21 11:10 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-21 11:09 -------- d-------- C:\Program Files\MSN Messenger
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 16:26 37832 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-08-14 16:25 33928 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2006-08-14 16:25 31752 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2006-08-14 16:25 162504 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2006-08-14 13:00 104536 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2006-08-06 09:16 -------- d-------- C:\Program Files\QuickTime
2006-08-03 23:13 -------- d-------- C:\Program Files\America Online 9.0a
2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-22 00:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 00:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Fhtg"="\"C:\\Program Files\\Common Files\\??crosoft\\winlogon.exe\""
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe\""
"Iinl"="\"C:\\WINDOWS\\SSTEM3~1\\taskmgr.exe\" -vt ndrv"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"McLogLch_exe"="\"C:\\Program Files\\McAfee\\MSC\\McLogLch.exe\""
"LanzarL2007"="\"C:\\DOCUME~1\\Generand\\LOCALS~1\\Temp\\{39277182-0CB1-4131-82A4-879709811351}\\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\\..\\..\\L2007tmp\\Setup.exe\" /SETUP:\"/l0x0009\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Image Zone Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Image Zone Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Image Zone Fast Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"location"="Common Startup"
"command"="G:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"location"="Common Startup"
"command"="G:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Real-time Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Real-time Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\\_106B5A0.exe "
"item"="Real-time Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\VAIO Action Setup (Server).lnk"
"backup"="C:\\WINDOWS\\pss\\VAIO Action Setup (Server).lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Sony\\VAIOAC~1\\VAServ.exe "
"item"="VAIO Action Setup (Server)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Generand^Start Menu^Programs^Startup^Think-Adz.lnk]
"path"="C:\\Documents and Settings\\Generand\\Start Menu\\Programs\\Startup\\Think-Adz.lnk"
"backup"="C:\\WINDOWS\\pss\\Think-Adz.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\lwinppex.exe GID002"
"item"="Think-Adz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="points manager"
"hkey"="HKLM"
"command"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLSPScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\AOL\\1107750170\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ChikkaIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Chikka"
"hkey"="HKCU"
"command"="G:\\PROGRA~1\\Chikka\\Chikka.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DIGServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DIGServices"
"hkey"="HKLM"
"command"="C:\\Program Files\\ESPNRunTime\\DIGServices.exe /brand=ESPN /priority=0 /poll=24"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DIGStream]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="digstream"
"hkey"="HKLM"
"command"="C:\\Program Files\\DIGStream\\digstream.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ExploreUpdSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lwinppex"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\lwinppex.exe\" GID002"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"command"="\"G:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1107750170\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="G:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MacName]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MACNAME"
"hkey"="HKLM"
"command"="\"g:\\program files\\MACNAME.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\P2P Networking]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="P2P Networking"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe\" /AUTOSTART"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Pop3trap.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pop3trap"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\Pop3trap.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickFinder Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QFSCHD100"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SearchUpgrader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchUpgrader"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common files\\SearchUpgrader\\SearchUpgrader.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sscRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSCRun"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\AOL\\1107750170\\ee\\services\\sscFirewallPlugin\\ver1_10_3_1\\SSCRun.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WebTrapNT.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebTrapNT"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\{9D-D0-00-07-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dwdsregt"
"hkey"="HKLM"
"command"="\"c:\\windows\\system32\\dwdsregt.exe\" GID002"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Mon 09/18/2006 21:23:01.87
ComboFix.txt

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 September 2006 - 09:32 AM

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\{9D-D0-00-07-ZN}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SearchUpgrader]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ExploreUpdSched]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AltnetPointsManager]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Generand^Start Menu^Programs^Startup^Think-Adz.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanzarL2007"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fhtg"=-
"Iinl"=-

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.



==============



Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\wapisvtr.exe
    C:\WINDOWS\system32\winpfg32.sys
    C:\WINDOWS\vhaqp.dll
    C:\WINDOWS\appupdate.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
============



Download and scan with the free 15 day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and Paste those details into your next reply here.
Also post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
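Added by the editor, not part of the thread or of any tool mentioned in it: a small Python reader for REGEDIT4-style fix files like the fixme.reg above. It shows what the two deletion forms do ([-KEY] removes a whole key, "name"=- removes a single value), resolves the \\ and \" escapes seen in the ComboFix dump, and rejects a file whose first line is not the header, which is exactly the "no blank line above REGEDIT4" mistake the post warns about. The sample text is constructed from the keys posted in this thread; the function names are the editor's own.

```python
import re

# Constructed sample, modelled on the fixme.reg posted in this thread plus one
# "command" value copied from the ComboFix dump above, so that string escaping
# ( \\ and \" ) is exercised as well.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SearchUpgrader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanzarL2007"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fhtg"=-
"Iinl"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"""

# Headers regedit accepts on line 1; anything else there (including a blank line) is rejected.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# "name"=data  or  @=data (default value); the name may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def unescape(s):
    """Resolve the backslash escapes used inside quoted .reg strings."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg(text):
    """Return the list of (op, key, value_name, data) tuples a .reg file would perform."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("line 1 must be the REGEDIT4 header; no blank line may precede it")
    ops, key = [], None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.startswith("-"):          # [-KEY] deletes the whole key and its subkeys
                ops.append(("delete_key", name[1:], None, None))
                key = None
            else:                             # [KEY] opens a key for the value lines below it
                key = name
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        vname = "(Default)" if m["name"] is None else unescape(m["name"])
        data = m["data"]
        if data == "-":                       # "name"=- deletes one value under the open key
            ops.append(("delete_value", key, vname, None))
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            ops.append(("set_value", key, vname, unescape(data[1:-1])))
        else:                                 # dword:, hex: etc. are kept verbatim
            ops.append(("set_value", key, vname, data))
    return ops


def describe(ops):
    """One human-readable line per operation, for review before merging."""
    lines = []
    for op, key, vname, data in ops:
        if op == "delete_key":
            lines.append(f"DELETE KEY   {key}")
        elif op == "delete_value":
            lines.append(f"DELETE VALUE {key} -> {vname}")
        else:
            lines.append(f"SET VALUE    {key} -> {vname} = {data!r}")
    return lines


if __name__ == "__main__":
    print("\n".join(describe(parse_reg(SAMPLE_REG))))
```

Running it prints the four deletions and one assignment the sample would apply; feeding it a file with a leading blank line raises a ValueError instead of silently doing nothing, which is the failure mode a user hits when regedit refuses a mis-saved fix file.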

#5 Generand

Generand
  • Topic Starter

  • Members
  • 12 posts

Posted 19 September 2006 - 08:25 PM

Pocket Killbox version 2.0.0.881
Running on Windows XP as Generand(Administrator)
was started @ Tuesday, September 19, 2006, 8:14 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\wapisvtr.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\winpfg32.sys


# 3 [Delete on Reboot]
Path = C:\WINDOWS\vhaqp.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\appupdate.exe


I Rebooted @ 8:16:08 PM
Killbox Closed(Exit) @ 8:16:09 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Generand(Administrator)
was started @ Tuesday, September 19, 2006, 8:21 PM

#6 Generand

Generand
  • Topic Starter

  • Members
  • 12 posts

Posted 19 September 2006 - 09:56 PM

Counterspy Log

Spyware Scan Details
Start Date: 9/19/2006 8:30:12 PM
End Date: 9/19/2006 9:36:16 PM
Total Time: 1 hrs 6 mins 4 secs

Detected spyware

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\documents and settings\generand\desktop\kazaa.lnk
c:\documents and settings\generand\desktop\my shared folder.lnk
G:\Program Files\Kazaa\Db\ctx4-060124.cab
G:\Program Files\Kazaa\Db\tsi4-060124a.cab
G:\Program Files\Kazaa\Help\mykazaa.css

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScanFolder 1
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScWeeklyDate 23-4-2006
HKEY_CURRENT_USER\Software\Kazaa\DontShow CancelDownload 1
HKEY_CURRENT_USER\Software\Kazaa\DontShow CloseToSystray 0
HKEY_CURRENT_USER\Software\Kazaa\InstantMessaging IgnoreAll 1
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 0 211
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 1 108
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 2 80
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 3 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 4 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 5 70
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 6 49
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 7 82
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 8 60
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 9 64
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 10 76
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 11 76
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 12 64
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 13 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\AudioWidth 14 180
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 0 232
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 1 143
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 2 54
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 3 54
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 4 54
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 5 100
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 6 122
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 7 96
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Download Width 8 108
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 0 289
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 1 108
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 2 80
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 3 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 4 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 5 70
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 6 72
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 7 82
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 8 60
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 9 64
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 10 60
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 11 76
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\EverythingWidth 12 180
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\MyKazaaStates My Media 1
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\MyKazaaStates My Kapsules 0
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\MyKazaaStates My Playlists 1
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Settings WindowPos 0,1,-32000,-32000,-1,-1,51,53,973,805
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Settings SACol1 75
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Settings SACol2 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Settings SACol3 125
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 0 0
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 1 1
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 2 2
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 3 3
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 4 4
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 5 5
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 6 6
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 7 7
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 8 8
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 9 9
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 10 10
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 11 11
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 12 12
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 13 13
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 14 14
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\Video 15 15
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 0 305
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 1 108
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 2 80
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 3 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 4 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 5 70
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 6 72
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 7 82
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 8 60
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 9 64
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 10 76
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 11 76
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 12 180
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 13 64
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 14 50
HKEY_CURRENT_USER\Software\Kazaa\Kazaa\VideoWidth 15 64
HKEY_CURRENT_USER\Software\Kazaa\LocalContent ChannelsDir G:\Program Files\Kazaa\My Channels
HKEY_CURRENT_USER\Software\Kazaa\LocalContent SearchAgents G:\Program Files\Kazaa\My Search Agents
HKEY_CURRENT_USER\Software\Kazaa\LocalContent DisableListFiles 0
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter firewall_filter 1
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter adult_filter_level 0
HKEY_CURRENT_USER\Software\Kazaa\Settings AutoUpdateSkype 0
HKEY_CURRENT_USER\Software\Kazaa\Settings +
HKEY_CURRENT_USER\Software\Kazaa\Settings Date 9-26-2005
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Settings Quarantine G:\Program Files\Kazaa\Quarantine
HKEY_CURRENT_USER\Software\Kazaa\Settings HelpDir G:\Program Files\Kazaa\Help
HKEY_CURRENT_USER\Software\Kazaa\Settings SearchDir G:\Program Files\Kazaa\Search
HKEY_CURRENT_USER\Software\Kazaa\Settings UserId 4925629215531227226
HKEY_CURRENT_USER\Software\Kazaa\Skins SkinsDir G:\Program Files\Kazaa\Skins
HKEY_CURRENT_USER\Software\Kazaa\Transfer +
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1
HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheHost 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer CachePort 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheDiscoveryTime 1152680176
HKEY_CURRENT_USER\Software\Kazaa\Transfer DlDir0 G:\Program Files\Kazaa\My Shared Folder
HKEY_CURRENT_USER\Software\Kazaa\UserDetails AutoConnected 0
HKEY_CURRENT_USER\Software\Kazaa\UserDetails +
HKEY_CURRENT_USER\Software\Kazaa\UserDetails FirstRunDlg 1
HKEY_CURRENT_USER\Software\Kazaa\UserDetails CountryCode US
HKEY_CURRENT_USER\Software\Kazaa\UserDetails UserName Generand
HKEY_CURRENT_USER\Software\Kazaa Tmp 0
HKEY_CURRENT_USER\Software\Kazaa LastSearchHash
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa\Type urn:kzhash 0
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa\Type urn:topsearch 0
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa\Type http 0
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Kazaa Media Desktop
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa kt 0
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Description Download files using Kazaa Media Desktop
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa ShellExecute "G:\Program Files\Kazaa\kazaa.exe" /url "%URL"
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa DdeApplication Kazaa
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa DdeTopic URL
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\sharman networks ltd
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Instal
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} DisplayName Kazaa 3.0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} LogFile C:\Program Files\InstallShield Installation Information\{38C76428-6C9C-4CC6-B747-3AB6A4770225}\setup.ilg
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} ProductGuid {38C76428-6C9C-4CC6-B747-3AB6A4770225}
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} InstallLocation G:\Program Files\Kazaa
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} DisplayVersion 3.0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} Version 50331648
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} MajorVersion 3
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} MinorVersion 0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} LogMode 1


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\Contains\Files C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\DownloadInformation CODEBASE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\DownloadInformation INF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\InstalledVersion 1,1,0,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468e-B848-2B2E8E697B74} 2 %SystemRoot%\System32\P2P Networking v126.cpl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Need2Find
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.32105)
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id FD427B2C-D1C0-4DFF-AF45-4410A21B49BD
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KB
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Program Files\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar PluginPath C:\Program Files\Need2Find\bar\1.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 9
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 143.33430
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Program Files\Need2Find\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Program Files\Need2Find\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2005092610
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 86
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://km.barcfg.need2find.com/speedbar/my...p?s=kb&p=KM
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Program Files\Need2Find\bar\History\


RealVNC Commercial Remote Control Tool more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\ORL\VNCHooks
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_GetUpdateRect 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_Timer 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_KeyPress 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_LButtonUp 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_MButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_RButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\Hpqdirec.exe use_Deferral 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_GetUpdateRect 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_Timer 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_KeyPress 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_LButtonUp 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_MButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_RButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpqtra08.exe use_Deferral 1


FullContext.EQAdvice Adware (General) more information...
Details: FullContext.EQAdvice is an advertising program that displays ads and allows the installation of other adware.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html RXResult MIME Filter


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@atdmt[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@doubleclick[1].txt


Cookie: LookSmart Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@looksmart[1].txt

#7 Generand

Generand
  • Topic Starter

  • Members
  • 12 posts

Posted 19 September 2006 - 09:59 PM

New HJT log

Logfile of HijackThis v1.99.1
Scan saved at 9:56:18 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\wanmpsvc.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
G:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {183FD617-33F3-6D0F-A4DE-1343C46BA49E} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xrrrilv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SunServer] G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141353034375
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CWShredder Service - Unknown owner - c:\program files\InterMute\SpySubtract\CWShredder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - G:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:55 AM

Posted 20 September 2006 - 04:57 PM

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {183FD617-33F3-6D0F-A4DE-1343C46BA49E} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xrrrilv.exe



Reboot your computer and post a new hijackthis log.
Let me know of any problems that you are still having.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
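As an added example (not part of this thread, and not HijackThis's own code), a small Python triage pass that flags the same kinds of entries Buckeye_Sam asked to be fixed: an F2 UserInit value carrying an extra executable, an R3 URLSearchHook with no backing file, and an O23 service whose binary is missing. The sample lines are copied from the log above; the expected UserInit value and the parsing rules are this example's own assumptions.

```python
"""Triage HijackThis log lines for the entry types flagged in this thread.

Constructed example: the parser and the "expected" UserInit value are
assumptions of this example, not behaviour of HijackThis itself.
"""
import re

# On Windows XP the legitimate Winlogon UserInit value is this single
# executable (stored with a trailing comma). Anything appended after it is
# started at every interactive logon, which is how xrrrilv.exe persisted.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: lines taken from the log posted above, mixing the
# three entries the helper flagged with two benign ones.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {183FD617-33F3-6D0F-A4DE-1343C46BA49E} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xrrrilv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CWShredder Service - Unknown owner - c:\program files\InterMute\SpySubtract\CWShredder.exe (file missing)
"""


def parse_userinit(line):
    """Return the executables listed in an F2 UserInit= line, or None if
    the line is not a UserInit entry."""
    m = re.search(r"UserInit=(.*)$", line, re.IGNORECASE)
    if not m:
        return None
    # The registry value is comma separated; a trailing comma yields an
    # empty item, which is dropped.
    return [p.strip() for p in m.group(1).split(",") if p.strip()]


def triage(log_text, expected_userinit=EXPECTED_USERINIT):
    """Return a list of (section, reason) findings for lines that deserve
    a second look. Lines not matched by any rule are left to the analyst."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "F2":
            exes = parse_userinit(line)
            if exes is not None:
                extra = [e for e in exes if e.lower() != expected_userinit]
                if extra:
                    findings.append((section, "unexpected UserInit entries: " + ", ".join(extra)))
        elif section == "R3" and "(no file)" in line:
            findings.append((section, "URLSearchHook CLSID with no backing file (orphaned hook)"))
        elif section == "O23" and line.endswith("(file missing)"):
            findings.append((section, "service registered for a missing binary"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```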

#9 Generand

Generand
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 20 September 2006 - 09:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:21:19 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SunServer] G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141353034375
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CWShredder Service - Unknown owner - c:\program files\InterMute\SpySubtract\CWShredder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - G:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#10 Generand

Generand
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 20 September 2006 - 10:06 PM

After reboot, I ran Ad-Aware and it came up with 8 critical objects and errors. Should I be worried? Here is the log of that scan. I will post another HJT scan after I clean up these errors.


Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, September 20, 2006 9:24:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R123 14.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-20-2006 9:24:23 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Generand\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\terminal server client\default
Description : list of recent systems connected to using remote desktop / terminal services


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1904607352-4097411637-2529006832-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 900
ThreadCreationTime : 9-21-2006 2:17:31 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 9-21-2006 2:17:33 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 9-21-2006 2:17:33 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 9-21-2006 2:17:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 9-21-2006 2:17:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1204
ThreadCreationTime : 9-21-2006 2:17:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1260
ThreadCreationTime : 9-21-2006 2:17:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1504
ThreadCreationTime : 9-21-2006 2:17:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1528
ThreadCreationTime : 9-21-2006 2:17:34 AM
BasePriority : Normal
FileVersion : 4, 3, 18, 0
ProductVersion : 4, 3, 18, 0
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 9-21-2006 2:17:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1840
ThreadCreationTime : 9-21-2006 2:17:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 140
ThreadCreationTime : 9-21-2006 2:17:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 416
ThreadCreationTime : 9-21-2006 2:17:42 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [ezsp_px.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal


#:15 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0\bin\
ProcessID : 628
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal


#:16 [sunserver.exe]
FilePath : G:\Program Files\Sunbelt Software\CounterSpy\Consumer\
ProcessID : 636
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal
FileVersion : 1.05.0082
ProductVersion : 1.05.0082
ProductName : CounterSpy
CompanyName : Sunbelt Software
InternalName : SunServer
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
OriginalFilename : SunServer.exe

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:18 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 652
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal
FileVersion : 8.0.0812.00
ProductVersion : 8.0.0812
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:19 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\
ProcessID : 660
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal
FileVersion : 1, 0, 720, 3640
ProductVersion : 1, 0, 720, 3640
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:20 [jucheck.exe]
FilePath : C:\Program Files\Java\jre1.5.0\bin\
ProcessID : 668
ThreadCreationTime : 9-21-2006 2:17:44 AM
BasePriority : Normal
FileVersion : 1.5.0.0
ProductVersion : 1.5.0.0
ProductName : Java™ 2 Platform Standard Edition 5.0
CompanyName : Sun Microsystems, Inc.
FileDescription : Java™ Update Checker
InternalName : Java™ Update Checker
LegalCopyright : Copyright © 2004
OriginalFilename : jucheck.exe

#:21 [waol.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 708
ThreadCreationTime : 9-21-2006 2:17:45 AM
BasePriority : Idle


#:22 [hotsync.exe]
FilePath : C:\Program Files\Sony Handheld\
ProcessID : 752
ThreadCreationTime : 9-21-2006 2:17:45 AM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:23 [sunprotectionserver.exe]
FilePath : G:\Program Files\Sunbelt Software\CounterSpy\Consumer\
ProcessID : 796
ThreadCreationTime : 9-21-2006 2:17:46 AM
BasePriority : Normal
FileVersion : 1.02.0097
ProductVersion : 1.02.0097
ProductName : CounterSpy
CompanyName : Sunbelt Software
FileDescription : CounterSpy Active Protection
InternalName : SunProtectionServer
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
OriginalFilename : SunProtectionServer.exe

#:24 [sunthreatengine.exe]
FilePath : G:\Program Files\Sunbelt Software\CounterSpy\Consumer\
ProcessID : 844
ThreadCreationTime : 9-21-2006 2:17:48 AM
BasePriority : Normal
FileVersion : 1.02.0097
ProductVersion : 1.02.0097
ProductName : CounterSpy
CompanyName : Sunbelt Software
FileDescription : CounterSpy Threat Audit Engine
InternalName : sunThreatEngine
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
OriginalFilename : sunThreatEngine.exe

#:25 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1876
ThreadCreationTime : 9-21-2006 2:18:20 AM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:26 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1888
ThreadCreationTime : 9-21-2006 2:18:20 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:27 [hwapi.exe]
FilePath : C:\Program Files\Common Files\McAfee\HackerWatch\
ProcessID : 1936
ThreadCreationTime : 9-21-2006 2:18:20 AM
BasePriority : Normal
FileVersion : 8.0.162.0
ProductVersion : 8.0.162.0
ProductName : McAfee HackerWatch Service
CompanyName : McAfee, Inc.
FileDescription : McAfee HackerWatch Service
LegalCopyright : © McAfee, Inc. All rights reserved.
OriginalFilename : HWAPI.exe

#:28 [mclogsrv.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 1968
ThreadCreationTime : 9-21-2006 2:18:20 AM
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MSC Log Manager
InternalName : mclogsrv
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mclogsrv.exe

#:29 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1996
ThreadCreationTime : 9-21-2006 2:18:20 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:30 [mcupdmgr.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 208
ThreadCreationTime : 9-21-2006 2:18:20 AM
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Update Manager Service
InternalName : mcupdmgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcupdmgr.exe

#:31 [mcnasvc.exe]
FilePath : c:\program files\common files\mcafee\mna\
ProcessID : 380
ThreadCreationTime : 9-21-2006 2:18:26 AM
BasePriority : Normal
FileVersion : 1,0,178,0
ProductVersion : 1,0,0,0
ProductName : McAfee Integrated Security Platform
CompanyName : McAfee, Inc.
FileDescription : McAfee Network Agent
InternalName : McNASvc
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McNASvc.exe

#:32 [mcods.exe]
FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
ProcessID : 1612
ThreadCreationTime : 9-21-2006 2:18:27 AM
BasePriority : Normal
FileVersion : 11,0,210,0
ProductVersion : 11,0,0,0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan - On Demand Scan
InternalName : mcods.exe
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mcods.exe

#:33 [mcpromgr.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 572
ThreadCreationTime : 9-21-2006 2:18:28 AM
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McProMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McProMgr.exe

#:34 [redirsvc.exe]
FilePath : c:\PROGRA~1\COMMON~1\mcafee\redirsvc\
ProcessID : 584
ThreadCreationTime : 9-21-2006 2:18:28 AM
BasePriority : Normal
FileVersion : 1,0,205,0
ProductVersion : 1,0,0,0
ProductName : McAfee Redirector
CompanyName : McAfee, Inc.
FileDescription : McAfee Redirector Service Module
InternalName : McRedirector
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : RedirSvc.exe
Comments : McAfee Redirector Service

#:35 [mcshield.exe]
FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
ProcessID : 1044
ThreadCreationTime : 9-21-2006 2:18:28 AM
BasePriority : High


#:36 [mcsysmon.exe]
FilePath : C:\PROGRA~1\McAfee\VIRUSS~1\
ProcessID : 1312
ThreadCreationTime : 9-21-2006 2:18:28 AM
BasePriority : Normal
FileVersion : 11,0,286,0
ProductVersion : 11,0,0,0
ProductName : McAfee VirusScan API
CompanyName : McAfee, Inc.
FileDescription : McAfee SystemGuards Service
InternalName : sysmon
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : sysmon.exe

#:37 [mctskshd.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 1392
ThreadCreationTime : 9-21-2006 2:18:30 AM
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Tqsk Scheduler
InternalName : McTskShd
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : mctskshd.exe

#:38 [mcusrmgr.exe]
FilePath : C:\PROGRA~1\McAfee\MSC\
ProcessID : 1444
ThreadCreationTime : 9-21-2006 2:18:30 AM
BasePriority : Normal
FileVersion : 7,0,327,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : MISP User Manager
InternalName : McUsrMgr
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McUsrMgr.exe

#:39 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1452
ThreadCreationTime : 9-21-2006 2:18:30 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:40 [mpfsrv.exe]
FilePath : C:\Program Files\McAfee\MPF\
ProcessID : 1484
ThreadCreationTime : 9-21-2006 2:18:31 AM
BasePriority : Normal
FileVersion : 8.0.207.0
ProductVersion : 8.0.207.0
ProductName : McAfee Personal Firewall
CompanyName : McAfee, Inc.
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:41 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2112
ThreadCreationTime : 9-21-2006 2:18:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:42 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2348
ThreadCreationTime : 9-21-2006 2:18:34 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:43 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 2404
ThreadCreationTime : 9-21-2006 2:18:35 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:44 [spysweeper.exe]
FilePath : G:\Program Files\Webroot\Spy Sweeper\
ProcessID : 2512
ThreadCreationTime : 9-21-2006 2:18:36 AM
BasePriority : Normal
FileVersion : 3,0,7,1608
ProductVersion : 3, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Engine
LegalCopyright : Copyright © 2002 - 2006, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:45 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 3008
ThreadCreationTime : 9-21-2006 2:19:22 AM
BasePriority : Normal
FileVersion : 7,0,330,0
ProductVersion : 7,0,0,0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc.
FileDescription : McAfee Integrated Security Platform
InternalName : McAgent
LegalCopyright : Copyright © 2006 McAfee, Inc.
OriginalFilename : McAgent.exe

#:46 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3744
ThreadCreationTime : 9-21-2006 2:19:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:47 [shellmon.exe]
FilePath : C:\Program Files\America Online 9.0a\
ProcessID : 3896
ThreadCreationTime : 9-21-2006 2:19:44 AM
BasePriority : Normal


#:48 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4072
ThreadCreationTime : 9-21-2006 2:20:00 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:49 [ad-aware.exe]
FilePath : G:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3956
ThreadCreationTime : 9-21-2006 2:24:08 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@edge.ru4[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:generand@edge.ru4.com/
Expires : 9-11-2036 10:05:22 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:35
Value : Cookie:generand@2o7.net/
Expires : 9-19-2011 7:41:48 PM
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:generand@doubleclick.net/
Expires : 9-19-2009 3:47:12 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@overstock[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:35
Value : Cookie:generand@overstock.com/
Expires : 2-19-2020 9:28:00 AM
LastSync : Hits:35
UseCount : 0
Hits : 35

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:generand@atdmt.com/
Expires : 9-18-2011 7:00:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:generand@advertising.com/
Expires : 9-19-2011 3:47:14 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:generand@zedo.com/
Expires : 9-17-2016 6:59:06 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : generand@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:generand@casalemedia.com/
Expires : 9-11-2007 11:47:30 AM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 20



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 20




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

9:54:37 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:30:13.79
Objects scanned:268883
Objects identified:8
Objects ignored:0
New critical objects:8

#11 Generand

Posted 20 September 2006 - 10:07 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:05:16 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SunServer] G:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141353034375
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CWShredder Service - Unknown owner - c:\program files\InterMute\SpySubtract\CWShredder.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - G:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#12 Generand

Posted 20 September 2006 - 10:10 PM

Also, my wife has been using Friendster to communicate with some of her friends overseas. It was about this time that the adware started popping up. Is there a way for her to use this, but set up my computer to prevent the adware from being put into my computer? Thanks a lot for your help!

#13 Generand

Posted 21 September 2006 - 12:03 PM

CounterSpy ran last night and I came up with this log after it identified 9 items.

Spyware Scan Details
Start Date: 9/21/2006 2:00:09 AM
End Date: 9/21/2006 2:55:14 AM
Total Time: 55 mins 5 secs

Detected spyware

Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@ad.yieldmanager[2].txt


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@advertising[2].txt


Cookie: PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@apmebf[2].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@atdmt[2].txt


Cookie: Bravenet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@bravenet[1].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@com[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@mediaplex[1].txt


Cookie: statcounter.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\documents and settings\generand\cookies\generand@statcounter[1].txt



Are any of these adware, or are these just normal computer functions? Please advise, and I do thank you for all of your help. I currently am not receiving any pop-ups at this time, and I'd like to keep it that way.

#14 Buckeye_Sam

Malware Expert

Posted 21 September 2006 - 04:19 PM

Everything that you are finding now has just been cookies. Cookies are not necessarily bad, and certainly not critical. In fact, most cookies are quite helpful. You're almost always going to have cookies show up in your malware scans. They're not anything to be concerned about. Just let your antispyware apps remove the ones that they don't like and you'll be fine. :thumbsup:


Your log is clean! :flowers:


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:huh: :huh:




I don't know enough about Friendster to know if it installs adware or not, but I doubt it. Follow the steps outlined above and use good common sense and you'll be fine no matter what site you visit. :huh:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
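The six Custom Level settings from the "Make your Internet Explorer more secure" steps above, as an audit script added here (it is not part of Buckeye_Sam's post or any BleepingComputer tool): it reads the Internet zone's action values from the current user's registry, reports which ones differ from the recommended Prompt/Disable levels, and can set them with -Apply. The zone key path and the action codes are Internet Explorer's documented URL-action identifiers; the function and parameter names are this example's own.

```powershell
# Added example, not from the original thread. Audits IE's Internet zone (zone 3)
# against the six Custom Level settings recommended in the post above.
# Settings live under HKCU, so run it as the user whose IE profile you want to check.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Documented IE URL-action codes. DWORD values: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Code = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Code = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Code = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Code = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Code = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Code = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-SettingLabel([int]$Value) {
    switch ($Value) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Unknown($Value)" }
    }
}

# Hypothetical function name (this example's own). Returns one object per setting
# with the current and recommended levels and a Compliant flag.
function Test-IeInternetZone {
    [CmdletBinding()]
    param(
        # Write the recommended value wherever the current one differs.
        [switch]$Apply
    )

    if (-not (Test-Path $ZonePath)) {
        throw "Zone key not found: $ZonePath (no IE user settings for this account?)"
    }

    foreach ($s in $Recommended) {
        $item = Get-ItemProperty -Path $ZonePath -Name $s.Code -ErrorAction SilentlyContinue
        # A missing value means IE falls back to its built-in zone default; report it as unset
        # rather than guessing what that default is.
        $current = if ($null -ne $item) { [int]$item.($s.Code) } else { $null }
        $ok = ($current -eq $s.Want)

        if (-not $ok -and $Apply) {
            Set-ItemProperty -Path $ZonePath -Name $s.Code -Value $s.Want -Type DWord
        }

        [pscustomobject]@{
            Code        = $s.Code
            Setting     = $s.Name
            Current     = if ($null -eq $current) { '(unset)' } else { Get-SettingLabel $current }
            Recommended = Get-SettingLabel $s.Want
            Compliant   = ($ok -or $Apply)
        }
    }
}

# Report only; add -Apply to enforce the recommended levels.
Test-IeInternetZone | Format-Table -AutoSize
```

Group Policy can override these per-user values with the same action codes under HKLM, so a row that reads (unset) or non-compliant here may still be enforced by policy on a managed machine.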

#15 Generand

Posted 21 September 2006 - 09:55 PM

Thanks so much, I really appreciated your time and your help! :thumbsup:



