#1
Bronze Member
Join Date: Apr 2008
Posts: 45

My computer is definitely infected with something. All kinds of ads for stuff pop up and come through my speakers, but there's nothing to close out. I have to pull up the Windows Task Manager, and it shows that it's an Internet Explorer program.

#2
Moderator
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 22
Posts: 5,418

Post a HijackThis log and we'll take it from there:
Please download the HijackThis installer from http://www.trendsecure.com/portal/en...HJTInstall.exe. Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis. Click Do a system scan and save a logfile. When the Notepad window opens, choose Edit -> Select All to select the entire log, then copy and paste the log into a reply post. Most of what it lists will be harmless or even essential; don't fix anything yet.
__________________
CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

#3
Diamond Member
Join Date: Jul 2008
Location: Suceava, Ro
Posts: 1,221

1. Use and post a log after running ComboFix; here are download links and instructions: http://www.bleepingcomputer.com/comb...o-use-combofix
2. Post a fresh HijackThis log. Here is a download link: http://www.download.com/Trend-Micro-...-10227353.html
__________________
There are 10 kinds of people: those who understand binary and those who don't. If only DEAD people understand hexadecimal, how many people understand hexadecimal? Real programmers confuse Halloween and Christmas — because dec(25) = oct(31).

#4
Bronze Member
Join Date: Apr 2008
Posts: 45

OK, here we go.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:25 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inf\svchoct.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system\proxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\WServing.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\1024\SVCHOST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\oduxftw.sys
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...bjj/DrdfyWPdc=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...xwWdHTOxaaBt4=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [minitnyus] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080821a.dll tanlt88
O4 - HKLM\..\Policies\Explorer\Run: [mininyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080825a.dll tanlt88
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: moffice.lnk = C:\WINDOWS\system\sgcxcxxaspf080823.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} - http://www.antivirusxp08.net/tools/virusremover.dll
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINDOWS\system32\AFinding.exe
O23 - Service: afisicx Manages messages (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Internet Service - Unknown owner - C:\WINDOWS\smss.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: MsService - Unknown owner - C:\WINDOWS\system\proxy.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: nobicyt Service (nobicyt) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: noxtcyr Manages messages (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe
O23 - Service: wsldoekd Settings storage service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 10892 bytes
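The helpers in this thread read the log above by eye: a binary named like a Windows core process but running from the wrong directory, services with no publisher in system32, an unknown Winsock LSP, an ActiveX control pulled from a rogue site, and search settings pointing at a third-party redirector. The script below is an added illustration (not part of the thread and not HijackThis's own code) that applies those same checks to a constructed sample modelled on the log; the two host allowlists and the list of core binary names are assumptions an analyst would tune.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines modelled on the HijackThis log above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKLM\..\Policies\Explorer\Run: [mininyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080825a.dll tanlt88
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} - http://www.antivirusxp08.net/tools/virusremover.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Internet Service - Unknown owner - C:\WINDOWS\smss.exe
"""

# Core Windows binaries whose names malware borrows; the genuine copies live
# directly in System32 (smss.exe included, so C:\WINDOWS\smss.exe is not it).
CORE_BINARIES = {"svchost.exe", "smss.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"
# Assumed allowlists an analyst maintains: hosts allowed to own the browser's
# search settings (R0/R1) and hosts trusted to serve ActiveX controls (O16).
SEARCH_HOSTS = {"www.yahoo.com", "us.rd.yahoo.com", "www.google.com", "search.msn.com"}
ACTIVEX_HOSTS = {"acs.pandasoftware.com", "java.sun.com", "download.microsoft.com"}

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")


def image_path(command):
    """First token of a command line: a quoted path, or everything up to a space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def lookalike(name):
    """Core binary that `name` imitates by changing exactly one character, or None."""
    if name in CORE_BINARIES:
        return None
    for core in CORE_BINARIES:
        if len(name) == len(core) and sum(a != b for a, b in zip(name, core)) == 1:
            return core
    return None


def check_path(path):
    """Reasons an image path is suspicious, whichever entry type lists it."""
    low = path.lower().replace("/", "\\")
    directory, _, name = low.rpartition("\\")
    if not directory:            # bare filename such as SOUNDMAN.EXE: nothing to judge
        return []
    reasons = []
    if name in CORE_BINARIES and directory != SYSTEM32:
        reasons.append(f"{name} runs from {directory}, not {SYSTEM32}")
    core = lookalike(name)
    if core:
        reasons.append(f"{name} is one character away from {core}")
    return reasons


def assess(line):
    """Reasons a single HijackThis line deserves attention; empty list if none."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    reasons = []
    if code in ("R0", "R1") and " = http" in body:
        host = urlparse(body.split(" = ", 1)[1]).hostname or ""
        if host not in SEARCH_HOSTS:
            reasons.append(f"search or start page redirected to {host}")
    elif code == "O4" and "] " in body:
        reasons += check_path(image_path(body.split("] ", 1)[1]))
    elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        reasons.append("unrecognised Winsock LSP module sits in the path of all TCP/IP traffic")
    elif code == "O16":
        host = urlparse(body.rsplit(" - ", 1)[1]).hostname or ""
        if host not in ACTIVEX_HOSTS:
            reasons.append(f"ActiveX control installed from untrusted host {host}")
    elif code == "O23":
        parts = body.split(" - ")
        if len(parts) >= 3:
            owner, path = parts[-2], parts[-1]
            if owner == "Unknown owner" and path.lower().startswith("c:\\windows"):
                reasons.append(f"service with no publisher runs from {path}")
            reasons += check_path(path)
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons, in log order."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = assess(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged
```

On the sample, `triage(SAMPLE_LOG)` flags seven of the twelve lines (the Starware search assistant, both fake svchost entries, the LSP, the antivirusxp08 control and the two unnamed services) and leaves the Yahoo start page, SoundMan, RealPlayer, Panda and NVIDIA entries alone.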

#5
Moderator
Join Date: Sep 2005
Location: Near Joliet Illinois
Age: 39
Posts: 3,612

You have a bunch of bad stuff on there. Download and run ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
After that has run, come back here and post the log that it displays, along with a new HijackThis log.
__________________
Motherboard - Gigabyte GA-EP45-UD3R CPU - E8400 Memory - 2GB Corsair XMS2 (2x 1gb) Graphics - ATI HD3870 Hard Drives - 250GB Seagate DVD Drive - Lite-On DVD Burner - Lite-On Power Supply - Rosewill RP600V2-S-SL 600W 22" Acer widescreen AL2216WBD

#6
Diamond Member
Join Date: Jan 2008
Location: Melbourne, Australia
Age: 15
Posts: 8,361

Thanks.
__________________
Cohen

#7
Moderator
Join Date: Dec 2005
Location: Melbourne, Australia
Age: 22
Posts: 5,418

This system is very badly infected.
Please download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to C:\SDFix. You may wish to print out these instructions or copy them to a Notepad document, since you will be unable to access the Internet while in Safe Mode to read from this site. Please then reboot your computer in Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).
Please download Malwarebytes' Anti-Malware to your desktop.
Please post
__________________
CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870 RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W Cheap PSUs - 2% of system costs, responsible for 28% of system deaths As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity. - The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

#8
Bronze Member
Join Date: Apr 2008
Posts: 45

SDFix: Version 1.219
Run by michele on Thu 08/28/2008 at 03:14 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
afinding
macidwe
nobicyt
perfs
routing
sobicyt
tdxdowkc
wserving

Path :
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\WServing.exe

afinding - Deleted
macidwe - Deleted
nobicyt - Deleted
perfs - Deleted
routing - Deleted
sobicyt - Deleted
tdxdowkc - Deleted
wserving - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :
Trojan Files Found:

C:\WINDOWS\system32\AFinding.exe - Deleted
C:\WINDOWS\system32\atsxyzd.sys - Deleted
C:\WINDOWS\system32\comsa32.sys - Deleted
C:\WINDOWS\system32\edtxfst.sys - Deleted
C:\WINDOWS\system32\macidwe.exe - Deleted
C:\WINDOWS\system32\Nobicyt.exe - Deleted
C:\WINDOWS\system32\perfs.exe - Deleted
C:\WINDOWS\system32\routing.exe - Deleted
C:\WINDOWS\system32\rtl60.bpl - Deleted
C:\WINDOWS\system32\sobicyt.exe - Deleted
C:\WINDOWS\system32\tdxdowkc.exe - Deleted
C:\WINDOWS\system32\WServing.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 03:21:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

C:\Documents and Settings\michele\Cookies\system@narutoanko[2].txt 372 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Abacast\\Abaclient.exe"="C:\\Program Files\\Abacast\\Abaclient.exe:*:Disabled:Abaclient"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1143661978\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1143661978\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1143661978\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1143661978\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\1024\\SVCHOST.EXE"="C:\\WINDOWS\\system32\\1024\\SVCHOST.EXE:*:Enabled:SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 27 Aug 2008        15,360 A..H. --- "C:\WINDOWS\system32\dbi102.dll"
Wed 27 Aug 2008        14,848 A..H. --- "C:\WINDOWS\system32\zordisa.dll"
Mon  7 Jul 2008        26,624 ...H. --- "C:\Documents and Settings\michele\My Documents\~WRL3746.tmp"
Thu  7 Dec 2006     3,096,576 A..H. --- "C:\Documents and Settings\michele\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

#9
Bronze Member
Join Date: Apr 2008
Posts: 45

Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 5.1.2600 Service Pack 2

3:57:15 AM 8/28/2008
mbam-log-08-28-2008 (03-57-15).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 80063
Time elapsed: 28 minute(s), 5 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 20
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 40
Files Infected: 81

Memory Processes Infected:
C:\WINDOWS\system\proxy.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\MSSqlServer.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msservice (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msservice (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msservice (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6c4-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6c6-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d714a94f-123a-45cc-8f03-040bcaf82ad6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/sbcie028.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Internet Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\internet service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\internet service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\saap (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\starware358 (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\starware358 (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Starware358 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\CelebrityNews (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\CelebritySearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\EntertainmentMarketingSP (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system\proxy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5BA07873-9C5D-45AE-BC15-5B1489014F3D}\RP1724\A0131244.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5BA07873-9C5D-45AE-BC15-5B1489014F3D}\RP1730\A0131374.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5BA07873-9C5D-45AE-BC15-5B1489014F3D}\RP1730\A0132231.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5BA07873-9C5D-45AE-BC15-5B1489014F3D}\RP1730\A0132257.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5BA07873-9C5D-45AE-BC15-5B1489014F3D}\RP1731\A0132282.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\dcbdcatys32_080827a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\U28B33D60.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_news.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_search.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Layouts\PitchLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Layouts\PitchLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\michele\Application Data\Starware358\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\RelatedSearch\RelatedSearchOption s.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\RelatedSearch\RelatedSearchOption s.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\ScreensaversMarketingSitePager\Sc reensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\SearchAssistPlus\SearchAssistPlus Options.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\SearchAssistPlus\SearchAssistPlus Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. 
C:\Documents and Settings\michele\Application Data\Starware358\SearchMatch\SearchMatchOptions.xm l (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\SearchMatch\SearchMatchOptions.xm l.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\Toolbar\TBProductsOptions.xml.bac kup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xm l (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xm l.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\ToolbarSearch\ToolbarSearchOption s.xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\ToolbarSearch\ToolbarSearchOption s.xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\TravelSearch\TravelSearchOptions. xml (Adware.Starware) -> Quarantined and deleted successfully. C:\Documents and Settings\michele\Application Data\Starware358\TravelSearch\TravelSearchOptions. xml.backup (Adware.Starware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\1024\svchost.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\dbi102.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\inf\scsys16_080827.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\inf\sppdcrs080827.scr (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\MSSqlServer.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\wftadfi16_080825a.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\wftadfi16_080827a.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system\sgcxcxxaspf080827.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
#10 (permalink)
Bronze Member
Join Date: Apr 2008
Posts: 45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:49 AM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwbins.exe
C:\WINDOWS\system32\inf\svchoct.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\WINDOWS\system32\afisicx.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\xdufytw.sys
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...xwWdHTOxaaBt4=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [mininyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080827a.dll tanlt88
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: moffice.lnk = C:\WINDOWS\system\sgcxcxxaspf080823.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: afisicx Manages messages (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: macidwe Manages messages (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: noxtcyr Manages messages (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: sotpeca Event propagation service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: tdxdowkc Settings storage service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: wsldoekd Settings storage service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 9605 bytes
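Added example, not code from anyone in this thread: a small Python triage pass over a HijackThis log of the kind posted above. It pulls out the entry types that an analyst reads first in a log like this one: the O4 Policies\Explorer\Run line, the O10 unknown Winsock LSP, O23 services with "Unknown owner" whose binary sits directly in system32, core Windows binaries (smss.exe, svchost.exe and friends) running from any directory other than the one they belong in, a .sys file listed as a running process, and file names carrying a six-digit date stamp like the wftadfi16_080827a.dll and sgcxcxxaspf080823.exe entries. The rule names, the expected-directory table (Windows XP paths) and the date-stamp regex are my own heuristics, not anything HijackThis or Malwarebytes defines. The sample input is an excerpt of the log lines from the post above, so everything here runs offline.

```python
import re
from typing import List, Tuple

# Excerpt of the HijackThis log posted above (a subset of its lines), used as sample input.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inf\svchoct.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\xdufytw.sys
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [mininyust] C:\WINDOWS\system32\inf\svchoct.exe C:\WINDOWS\wftadfi16_080827a.dll tanlt88
O4 - Global Startup: moffice.lnk = C:\WINDOWS\system\sgcxcxxaspf080823.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mmchost.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: afisicx Manages messages (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

Finding = Tuple[str, str]  # (rule name, offending log line)

HJT_ENTRY = re.compile(r"^[RO]\d+ - ")          # R0/R1/O2/O23... entry lines
# Heuristic (my assumption): a basename ending in six digits plus optional letter,
# as in wftadfi16_080827a.dll, is a build-date-stamped dropper name worth a look.
DATE_STAMPED = re.compile(r"\b\w*\d{6}[a-z]?\.(?:dll|exe|scr)\b", re.I)

# Where these Windows XP binaries must live; a same-named file anywhere else is suspect.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, basename), both lower-cased, for a Windows path."""
    folder, _, base = path.strip().lower().rpartition("\\")
    return folder, base


def path_findings(path: str) -> List[str]:
    """Rules that apply to a single file path (one 'Running processes' line)."""
    folder, base = split_path(path)
    rules = []
    if base in EXPECTED_DIR and folder != EXPECTED_DIR[base]:
        rules.append("core-binary-outside-system-dir")
    if base.endswith(".sys"):
        rules.append("driver-file-listed-as-process")
    if DATE_STAMPED.search(base):
        rules.append("date-stamped-name")
    return rules


def entry_findings(line: str) -> List[str]:
    """Rules that apply to one Rn/On HijackThis entry line."""
    rules = []
    if line.startswith("O4 - ") and r"\Policies\Explorer\Run" in line:
        rules.append("policies-explorer-run")
    if line.startswith("O10 - Unknown file in Winsock LSP"):
        rules.append("unknown-winsock-lsp")
    if line.startswith("O23 - ") and " - Unknown owner - " in line:
        folder, _ = split_path(line.rsplit(" - ", 1)[1])   # last field is the binary path
        if folder == r"c:\windows\system32":
            rules.append("unknown-owner-service-in-system32")
    if line.endswith("(file missing)"):
        rules.append("orphaned-entry")
    if DATE_STAMPED.search(line):
        rules.append("date-stamped-name")
    return rules


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return (rule, line) pairs for an analyst to review."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if HJT_ENTRY.match(line):
            in_processes = False          # first Rn/On entry ends the process list
            rules = entry_findings(line)
        elif in_processes:
            rules = path_findings(line)
        else:
            rules = []
        findings.extend((rule, line) for rule in rules)
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:36} {line}")
```

The output is a review list, not a verdict: WLTRYSVC lands in it by the same "Unknown owner in system32" rule as afisicx, and the log's svchoct.exe is only caught through the Policies\Explorer\Run line that launches it, not by its own name. That is the point of keeping the rules explicit and small; the analyst still decides, which is also why the moderator in this thread asked for the full log rather than fixing entries blind.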