Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please Help Me With My Logs

Started by craft94 , Sep 09 2007 04:56 PM

  • This topic is locked This topic is locked
No replies to this topic

#1 craft94

craft94

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 09 September 2007 - 04:56 PM

I have been unable to access the internet via IE, have a good connection, able to access email, can access internet only in safe mode with networking. Adaware, spybot, and AVG found nothing. Below in my log and the combo fix report please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:01 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Sweet Daddio\Desktop\Downloads\HiJackThis.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...t...c02&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...t...c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...t...c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...t...c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {DE3BACC5-6616-425C-960F-3D7427865791} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179799732671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1179797900375
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 7984 bytes



COMBOFIX

ComboFix 07-09-10.2 - "Sweet Daddio" 2007-09-09 18:43:32.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.245 [GMT -4:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\SWEETM~1\APPLIC~1\FunWebProducts
C:\WINDOWS\windows_messenger.exe


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-09 18:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 18:40 <DIR> d-------- C:\VundoFix Backups
2007-09-08 19:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-02 14:23 <DIR> d-------- C:\WINDOWS\lhsp
2007-09-02 14:22 630,784 --a------ C:\WINDOWS\system32\tlpSounds.dll
2007-09-02 14:22 180,224 --a------ C:\WINDOWS\system32\ijL11.dll
2007-09-02 14:22 <DIR> d-------- C:\Program Files\TheLearningPit
2007-08-25 09:03 <DIR> d-------- C:\DOCUME~1\SWEETD~1\APPLIC~1\Google
2007-08-24 20:47 <DIR> d-------- C:\DOCUME~1\SWEETM~1\APPLIC~1\Google
2007-08-24 11:59 <DIR> d-------- C:\My Games
2007-08-24 11:58 <DIR> d-------- C:\My Download Files
2007-08-24 11:57 774,144 --a------ C:\Program Files\RngInterstitial.dll
2007-08-24 11:56 <DIR> d-------- C:\DOCUME~1\SWEETS~1\APPLIC~1\Google
2007-08-24 11:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-24 11:54 <DIR> d-------- C:\Program Files\Google
2007-08-22 22:08 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-08-22 22:08 118,784 --a------ C:\WINDOWS\system32\vbalNCSM6.dll
2007-08-22 22:08 101,888 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2007-08-22 22:06 <DIR> d-------- C:\Program Files\eGames
2007-08-22 18:25 <DIR> d-------- C:\WINDOWS\pss
2007-08-21 22:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-08-21 22:35 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-08-21 22:35 <DIR> d-------- C:\DOCUME~1\SWEETM~1\APPLIC~1\iWin
2007-08-11 20:54 <DIR> d---s---- C:\DOCUME~1\SWEETM~1\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-02 14:25 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-28 21:28 --------- d-------- C:\Program Files\Freeze.com Toolbar
2007-08-24 11:56 --------- d-------- C:\Program Files\Real
2007-07-31 20:20 --------- d-------- C:\Program Files\Freeze.com
2007-07-31 20:16 --------- d-------- C:\Program Files\The Weather Channel FW
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 03:03 --------- d-------- C:\Program Files\OneStepSearch
2007-07-11 22:28 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-11 12:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
2007-07-11 11:09 --------- d-------- C:\DOCUME~1\SWEETS~1\APPLIC~1\Viewpoint
2007-07-11 11:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-07-10 23:19 --------- d-------- C:\Program Files\KONAMI
2007-07-10 15:40 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-09 22:05 --------- d-------- C:\Program Files\DreamWorks Interactive
2007-06-26 11:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-21 17:57 359808 --a------ C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 14:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 14:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 14:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 14:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 14:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 14:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 14:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 14:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 14:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 14:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 14:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 14:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 14:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 14:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 14:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 14:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 14:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 10:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 06:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2002-01-02 19:06 C:\WINDOWS\system32\carpserv.exe]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 17:46]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 17:34]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 13:00]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 13:00]
"AutoLogon"="" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 18:50]
"nwiz"="nwiz.exe" [2004-10-29 18:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 18:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 06:50]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 13:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys
R1 EAWDMFD;EAWDMFD;C:\WINDOWS\system32\drivers\EAWDMFD.sys
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K);C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys
S2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
S2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
S3 gel90xne;gel90xne;\??\C:\DOCUME~1\SWEETS~1\LOCALS~1\Temp\gel90xne.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-06 15:38:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-05-21 05:14:50 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-05-21 05:14:50 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-06-05 00:20:00 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-09-03 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 18:45:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 18:46:11
C:\ComboFix-quarantined-files.txt ... 2007-09-10 18:46
.
--- E O F ---

    Advertisements

Register to Remove

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·