
Problem with Netproject


12 replies to this topic

#1 bskid25


Posted 27 May 2008 - 10:08 PM

I had a huge spyware/malware problem and seemed to get rid of a lot of them. I had Internet Speed Monitor and AntiSpySpider... I cleaned a lot of them out, and now I am left with Netproject and cannot seem to get rid of it when I run my scans. I did what was told in this post: http://forums.whatth...ect_t90730.html and when I ran the scan afterwards, it was still appearing. I will post the SDFix log from when I ran the scan, and then below it I will post the HijackThis log. Please help! And thank you.

SDFIX:

SDFix: Version 1.186
Run by Billy on Tue 05/27/2008 at 07:49 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
C:\WINDOWS\b2new.exe service

MsSecurity1.209.4 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000080.exe - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\index.html - Deleted
C:\WINDOWS\licencia.txt - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 20:46:39
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:87,04,fa,4c,d9,c4,b7,9e,af,0c,46,fd,48,47,fa,de,cd,a9,6f,de,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:87,04,fa,4c,d9,c4,b7,9e,af,0c,46,fd,48,47,fa,de,cd,a9,6f,de,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:7f1e7072
"s1"=dword:c59c0ddc
"s2"=dword:d2cd3257
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:87,04,fa,4c,d9,c4,b7,9e,af,0c,46,fd,48,47,fa,de,cd,a9,6f,de,ef,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 14 Aug 2006 88 A.SHR --- "C:\i386\3B348B9EA7.sys"
Mon 14 Aug 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Wed 26 Mar 2008 88 ..SHR --- "C:\WINDOWS\system32\3B348B9EA7.sys"
Thu 3 Apr 2008 8 ..SHR --- "C:\WINDOWS\system32\DD4E39861A.sys"
Fri 16 May 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 May 2008 1,505,747 ..SH. --- "C:\WINDOWS\system32\mjimafxs.tmp"
Sun 10 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 13 Sep 2005 1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
Sat 25 Jun 2005 62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
Fri 22 Apr 2005 95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
Thu 18 Aug 2005 36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
Wed 5 Jan 2005 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
Thu 15 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 11 May 2008 89,088 ..SHR --- "C:\Documents and Settings\Billy\My Documents\s?stem32\smss.exe"
Sun 10 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\Billy\My Documents\My Music\License Backup\drmv1key.bak"
Tue 31 Oct 2006 20 A..H. --- "C:\Documents and Settings\Billy\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 10 Sep 2006 312 A.SH. --- "C:\Documents and Settings\Billy\My Documents\My Music\License Backup\drmv2key.bak"
Tue 31 Oct 2006 23,040 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0081.tmp"
Tue 31 Oct 2006 23,040 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0680.tmp"
Tue 31 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0685.tmp"
Tue 31 Oct 2006 23,040 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0764.tmp"
Tue 31 Oct 2006 23,552 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0979.tmp"
Tue 31 Oct 2006 24,064 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL1529.tmp"
Tue 31 Oct 2006 24,064 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL2313.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL2749.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL2872.tmp"
Tue 31 Oct 2006 23,552 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL3421.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL3861.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL3898.tmp"
Wed 25 Apr 2007 1,182,720 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL0286.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL0435.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL0439.tmp"
Wed 25 Apr 2007 1,241,088 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1059.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1245.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1593.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1824.tmp"
Wed 25 Apr 2007 1,241,088 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1937.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1938.tmp"
Wed 25 Apr 2007 62,464 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2066.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2253.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2260.tmp"
Wed 25 Apr 2007 1,058,816 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2436.tmp"
Wed 25 Apr 2007 1,242,112 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2675.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2734.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3388.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3440.tmp"
Wed 25 Apr 2007 1,058,816 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3504.tmp"
Wed 25 Apr 2007 1,057,280 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3756.tmp"
Wed 25 Apr 2007 1,243,136 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3776.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 22 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 22 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!





HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 12:03:58 AM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AdwareFilter\adwarefilter.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BM5bcd7db7] Rundll32.exe "C:\WINDOWS\system32\sjwrsktp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Systray] rundll32.exe sockins32.dll,RunMain
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



#2 shelf life


Posted 31 May 2008 - 06:10 AM

Hi,

One more download:

Download combofix from one of these links and save it to your Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.blee...Bs/ComboFix.exe

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" in your reply.
How Can I Reduce My Risk?

#3 bskid25


Posted 31 May 2008 - 01:56 PM

Hi, I followed instructions and here is the log from ComboFix:


ComboFix 08-05-29.1 - Billy 2008-05-31 14:59:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.129 [GMT -4:00]
Running from: C:\Documents and Settings\Billy\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Billy\My Documents\SSTEM3~1
C:\Documents and Settings\Billy\My Documents\SSTEM3~1\s?stem32\
C:\Documents and Settings\Billy\My Documents\SSTEM3~1\smss.exe
C:\Program Files\WinBudget
C:\WINDOWS\b2new.exe
C:\WINDOWS\BM5bcd7db7.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\promo1.html
C:\WINDOWS\promo2.html
C:\WINDOWS\promo3.html
C:\WINDOWS\promo4.html
C:\WINDOWS\promo5.html
C:\WINDOWS\promo6.html
C:\WINDOWS\promogif1.gif
C:\WINDOWS\promogif2.gif
C:\WINDOWS\promogif3.gif
C:\WINDOWS\system32\aGNTvyay.ini
C:\WINDOWS\system32\aGNTvyay.ini2
C:\WINDOWS\system32\alemofwq.ini
C:\WINDOWS\system32\bhborvtx.dll
C:\WINDOWS\system32\bpoyekfg.dll
C:\WINDOWS\system32\buhvyetc.ini
C:\WINDOWS\system32\cdfidemc.dll
C:\WINDOWS\system32\cjeqejyc.ini
C:\WINDOWS\system32\cktveyxu.ini
C:\WINDOWS\system32\difnxobi.dll
C:\WINDOWS\system32\eaerfppm.ini
C:\WINDOWS\system32\eubcbixs.dll
C:\WINDOWS\system32\exqwjwlu.dll
C:\WINDOWS\system32\FhiQBcdd.ini
C:\WINDOWS\system32\FhiQBcdd.ini2
C:\WINDOWS\system32\foatxcrh.dll
C:\WINDOWS\system32\fsppiaet.dll
C:\WINDOWS\system32\ftuglbkf.dll
C:\WINDOWS\system32\fxbbgeme.dll
C:\WINDOWS\system32\gcqkjvsp.dll
C:\WINDOWS\system32\gfchiyal.dll
C:\WINDOWS\system32\giuewqgo.dll
C:\WINDOWS\system32\gofhkahs.dll
C:\WINDOWS\system32\gPXbKRqr.ini
C:\WINDOWS\system32\gPXbKRqr.ini2
C:\WINDOWS\system32\HPpYayay.ini2
C:\WINDOWS\system32\hvqaxnej.dll
C:\WINDOWS\system32\irifetto.dll
C:\WINDOWS\system32\jijcwcdx.dll
C:\WINDOWS\system32\jjxawdnr.ini
C:\WINDOWS\system32\jvxhjfgr.dll
C:\WINDOWS\system32\liqbmsoj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjimafxs.tmp
C:\WINDOWS\system32\mppfreae.dll
C:\WINDOWS\system32\muuccrnw.dll
C:\WINDOWS\system32\nfwpmpvj.dll
C:\WINDOWS\system32\NXxGNqss.ini
C:\WINDOWS\system32\NXxGNqss.ini2
C:\WINDOWS\system32\ofacbpfp.ini
C:\WINDOWS\system32\ofsspkqw.dll
C:\WINDOWS\system32\pkhcolui.dll
C:\WINDOWS\system32\pphnncxc.dll
C:\WINDOWS\system32\QBLloXbc.ini
C:\WINDOWS\system32\QBLloXbc.ini2
C:\WINDOWS\system32\qltjmwwv.dll
C:\WINDOWS\system32\rgbqwdvp.dll
C:\WINDOWS\system32\rioodyir.dll
C:\WINDOWS\system32\rrrwpplm.dll
C:\WINDOWS\system32\rvspqrws.ini
C:\WINDOWS\system32\sjjukeln.dll
C:\WINDOWS\system32\sjwrsktp.dll
C:\WINDOWS\system32\SsBbefii.ini
C:\WINDOWS\system32\SsBbefii.ini2
C:\WINDOWS\system32\sxfamijm.dll
C:\WINDOWS\system32\TDNXaccf.ini
C:\WINDOWS\system32\TDNXaccf.ini2
C:\WINDOWS\system32\teaippsf.ini
C:\WINDOWS\system32\tpoqmuvk.ini
C:\WINDOWS\system32\ttcutcyl.ini
C:\WINDOWS\system32\tttkaiiq.dll
C:\WINDOWS\system32\twsviguh.ini
C:\WINDOWS\system32\uanttdev.dll
C:\WINDOWS\system32\uompmved.dll
C:\WINDOWS\system32\vwoxaxab.ini
C:\WINDOWS\system32\wEMnUvut.ini
C:\WINDOWS\system32\wEMnUvut.ini2
C:\WINDOWS\system32\wFLoqtwa.ini
C:\WINDOWS\system32\wFLoqtwa.ini2
C:\WINDOWS\system32\wkhtcigr.dll
C:\WINDOWS\system32\wkvswnvg.dll
C:\WINDOWS\system32\wnrccuum.ini
C:\WINDOWS\system32\wqkpssfo.ini
C:\WINDOWS\system32\xbjkcttr.dll
C:\WINDOWS\system32\xfyrontn.ini
C:\WINDOWS\system32\xgprpato.ini
C:\WINDOWS\system32\xnsrrhll.dll
C:\WINDOWS\system32\xsylqnej.dll
C:\WINDOWS\system32\yjaavjlo.ini
C:\WINDOWS\system32\ympkuuqe.dll
C:\WINDOWS\system32\yxbxplqv.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-28 20:20 . 2008-05-28 20:20 <DIR> d-------- C:\Program Files\iPod
2008-05-27 19:39 . 2008-05-27 19:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-27 18:57 . 2008-05-27 20:51 <DIR> d-------- C:\SDFix
2008-05-23 16:50 . 2008-05-23 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-22 22:38 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-22 22:34 . 2008-05-22 22:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-22 22:33 . 2008-05-22 22:39 <DIR> d-------- C:\Program Files\LimeWire
2008-05-21 01:54 . 2008-05-22 22:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-21 01:54 . 2008-05-21 01:54 <DIR> d-------- C:\Documents and Settings\Billy\Application Data\PC Tools
2008-05-21 01:54 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-21 01:54 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-21 01:54 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-21 01:54 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-21 00:59 . 2008-05-21 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-21 00:40 . 2008-05-30 02:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 00:40 . 2008-05-21 00:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-20 23:26 . 2008-05-21 00:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 23:26 . 2008-05-20 23:26 <DIR> d-------- C:\Documents and Settings\Billy\Application Data\SUPERAntiSpyware.com
2008-05-20 19:31 . 2008-05-20 19:31 294 ---hs---- C:\WINDOWS\system32\rvabfyec.ini
2008-05-19 00:27 . 2008-05-31 14:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 00:24 . 2008-05-30 16:44 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-05-19 00:22 . 2008-05-31 05:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-18 18:34 . 2008-05-18 18:34 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 06:12 . 2008-05-17 06:12 16,640 --a------ C:\WINDOWS\changeurl_30.dll.del
2008-05-16 20:48 . 2008-05-16 20:48 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-05-13 10:07 . 2008-05-13 10:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-13 10:07 . 2008-05-13 10:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 10:05 . 2008-05-20 23:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 10:01 . 2008-05-13 10:01 <DIR> d-------- C:\Documents and Settings\Billy\Application Data\U3
2008-05-12 20:45 . 2008-05-12 20:57 <DIR> d-------- C:\Documents and Settings\Billy\Application Data\McAfee.com Personal Firewall
2008-05-12 20:44 . 2008-05-12 20:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-05-12 20:42 . 2008-05-30 02:25 72,928 --a------ C:\WINDOWS\system32\Status.MPF
2008-05-12 20:39 . 2008-05-12 20:42 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
2008-05-12 20:38 . 2005-07-26 14:50 94,208 --a------ C:\WINDOWS\system32\mclsp.dll
2008-05-12 20:38 . 2005-07-26 14:47 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2008-05-12 20:38 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2008-05-12 20:38 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2008-05-12 20:37 . 2008-05-12 20:37 <DIR> d-------- C:\Program Files\McAfee
2008-05-12 20:37 . 2008-05-12 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-12 20:36 . 2008-05-13 02:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-05-12 20:36 . 2005-08-16 16:18 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2008-05-12 20:36 . 2005-08-16 16:13 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2008-05-12 20:35 . 2005-08-10 11:22 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2008-05-12 20:34 . 2008-05-12 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-12 20:08 . 2008-05-12 20:39 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-12 20:08 . 2005-09-19 12:13 349,760 -ra------ C:\WINDOWS\system32\mcinsctl.dll
2008-05-12 20:08 . 2005-09-19 12:13 288,320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2008-05-12 01:10 . 2008-05-12 01:10 1,998 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-12 01:09 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-12 01:09 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-12 01:09 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-12 01:09 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-12 01:09 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-12 01:09 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-12 01:09 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-12 01:09 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-12 01:04 . 2006-08-08 03:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-12 01:04 . 2006-08-08 03:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-12 01:04 . 2008-05-21 00:34 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-11 21:00 . 2008-05-22 22:38 <DIR> d-------- C:\Config.Msdi
2008-05-11 03:32 . 2008-05-11 03:32 1,294 --a------ C:\WINDOWS\homepage.html
2008-05-11 03:29 . 2008-05-11 03:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-04-26 02:59 . 2008-05-30 01:21 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-03 19:35 . 2008-04-03 19:35 8 -r-hs---- C:\WINDOWS\system32\DD4E39861A.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 20:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-29 22:56 --------- d-----w C:\Program Files\Apple Software Update
2008-05-29 00:21 --------- d-----w C:\Program Files\iTunes
2008-05-29 00:10 --------- d-----w C:\Program Files\QuickTime
2008-05-27 05:39 --------- d--h--r C:\Documents and Settings\Billy\Application Data\yahoo!
2008-05-27 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-23 02:38 --------- d-----w C:\Program Files\Java
2008-05-21 06:08 --------- d-----w C:\Program Files\AdwareFilter
2008-05-21 03:14 --------- d-----w C:\Program Files\mIRC
2008-05-19 04:22 --------- d-----w C:\Program Files\Google
2008-05-13 06:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 04:51 --------- d-----w C:\Documents and Settings\Billy\Application Data\Move Networks
2008-05-12 01:08 --------- d-----w C:\Program Files\Dl_cats
2008-05-11 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-25 21:05 29,150 ----a-w C:\Documents and Settings\Billy\Application Data\wklnhst.dat
2008-04-18 05:14 --------- d-----w C:\Documents and Settings\Billy\Application Data\LimeWire
2007-05-04 03:42 57,528 -c--a-w C:\Documents and Settings\Billy\Application Data\GDIPFONTCACHEV1.DAT
2007-03-28 07:08 87,608 -c--a-w C:\Documents and Settings\Billy\Application Data\ezpinst.exe
2007-03-28 07:08 47,360 -c--a-w C:\Documents and Settings\Billy\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,160 2005-08-05 19:08:26 C:\Program Files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 20:35:36 C:\Program Files\AIM\aim.exe

----a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1155592687\ee\bak\AOLHostManager.exe

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 58,992 2004-12-13 20:30:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 53,248 2005-02-23 21:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 1,032,192 2006-04-06 19:58:52 C:\Program Files\Dell\QuickSet\bak\quickset.exe

----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 385,024 2004-10-30 19:59:54 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe

----a-w 267,048 2007-11-02 23:36:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 14:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-07-12 09:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 20,480 2003-09-10 07:24:00 C:\Program Files\NetWaiting\bak\netWaiting.exe

----a-w 1,537,696 2005-12-07 21:05:30 C:\Program Files\Norton Ghost\Agent\bak\GhostTray.exe

----a-w 286,720 2007-10-20 01:16:26 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 03:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 761,947 2006-03-08 23:48:02 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 48 2008-02-01 05:30:52 C:\Program Files\Trend Micro\Internet Security 12\bak\pc-cillin.ini

----a-w 823,362 2005-08-23 03:21:24 C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe

----a-w 176,201 2006-04-11 23:39:22 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe
----a-w 176,201 2006-04-12 00:39:22 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-10-15 01:46:34 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-10-15 01:50:30 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-10-15 01:49:46 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 00:22 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26 212992]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 17:52 999424]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 18:06 110592]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 19:05 1117184]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2005-07-26 14:49 294912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BM5bcd7db7"="C:\WINDOWS\system32\sjwrsktp.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Systray"="sockins32.dll" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [2008-05-08 02:04:32 4568376]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-10-23 02:15:44 303104]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.X264"= x264vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
C:\DOCUME~1\Billy\MYDOCU~1\SSTEM3~1\smss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-19 00:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05c8735a-2097-11dd-94ff-00166fa0d1bf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cb8c0c0-37fa-11db-9448-0015c5639485}]
\Shell\AutoRun\command - F:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be585b42-2bb8-11db-9436-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - ERASERUTILDRV10741
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 23:37:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-30 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BILLYSLAPTOP-Administrator).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-30 20:44:32 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-31 15:53:41
ComboFix-quarantined-files.txt 2008-05-31 19:53:16

Pre-Run: 20,058,152,960 bytes free
Post-Run: 19,260,379,136 bytes free

340 --- E O F --- 2008-05-28 02:53:54

#4 shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 01 June 2008 - 09:44 AM

hi,

ok thanks for the info. please rerun sdfix, but first delete the copy you have -- as it's been updated. new version is v1.187


Download SDFix and save it to your Desktop.

http://downloads.and...Tools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

#5 bskid25

    New Member

  • New Member
  • 7 posts

Posted 02 June 2008 - 07:50 PM

ok i did as you said..here are the logs...

SDFIX:

SDFix: Version 1.187
Run by Billy on Mon 06/02/2008 at 09:06 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\sn.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 21:40:07
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:87,04,fa,4c,d9,c4,b7,9e,af,0c,46,fd,48,47,fa,de,cd,a9,6f,de,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:87,04,fa,4c,d9,c4,b7,9e,af,0c,46,fd,48,47,fa,de,cd,a9,6f,de,ef,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:7f1e7072
"s1"=dword:c59c0ddc
"s2"=dword:d2cd3257
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:87,04,fa,4c,d9,c4,b7,9e,af,0c,46,fd,48,47,fa,de,cd,a9,6f,de,ef,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 14 Aug 2006 88 A.SHR --- "C:\i386\3B348B9EA7.sys"
Mon 14 Aug 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Wed 26 Mar 2008 88 ..SHR --- "C:\WINDOWS\system32\3B348B9EA7.sys"
Thu 3 Apr 2008 8 ..SHR --- "C:\WINDOWS\system32\DD4E39861A.sys"
Fri 30 May 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 10 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 13 Sep 2005 1,847,296 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE"
Sat 25 Jun 2005 62,464 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL"
Fri 22 Apr 2005 95,232 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE"
Thu 18 Aug 2005 36,864 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL"
Wed 5 Jan 2005 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE"
Thu 15 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 10 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\Billy\My Documents\My Music\License Backup\drmv1key.bak"
Tue 31 Oct 2006 20 A..H. --- "C:\Documents and Settings\Billy\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 10 Sep 2006 312 A.SH. --- "C:\Documents and Settings\Billy\My Documents\My Music\License Backup\drmv2key.bak"
Tue 31 Oct 2006 23,040 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0081.tmp"
Tue 31 Oct 2006 23,040 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0680.tmp"
Tue 31 Oct 2006 24,576 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0685.tmp"
Tue 31 Oct 2006 23,040 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0764.tmp"
Tue 31 Oct 2006 23,552 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL0979.tmp"
Tue 31 Oct 2006 24,064 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL1529.tmp"
Tue 31 Oct 2006 24,064 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL2313.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL2749.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL2872.tmp"
Tue 31 Oct 2006 23,552 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL3421.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL3861.tmp"
Tue 31 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Fall 2006\Tax 2\~WRL3898.tmp"
Wed 25 Apr 2007 1,182,720 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL0286.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL0435.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL0439.tmp"
Wed 25 Apr 2007 1,241,088 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1059.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1245.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1593.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1824.tmp"
Wed 25 Apr 2007 1,241,088 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1937.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL1938.tmp"
Wed 25 Apr 2007 62,464 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2066.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2253.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2260.tmp"
Wed 25 Apr 2007 1,058,816 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2436.tmp"
Wed 25 Apr 2007 1,242,112 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2675.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL2734.tmp"
Wed 25 Apr 2007 1,058,304 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3388.tmp"
Wed 25 Apr 2007 1,057,792 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3440.tmp"
Wed 25 Apr 2007 1,058,816 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3504.tmp"
Wed 25 Apr 2007 1,057,280 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3756.tmp"
Wed 25 Apr 2007 1,243,136 ...H. --- "C:\Documents and Settings\Billy\Desktop\WPUNJ\Spring 2007\World Music\~WRL3776.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 15 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 22 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 22 Apr 2007 8 A..H. --- "C:\Documents and Settings\Billy\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!




HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:12 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AdwareFilter\adwarefilter.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM5bcd7db7] Rundll32.exe "C:\WINDOWS\system32\sjwrsktp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#6 shelf life

Posted 03 June 2008 - 04:10 PM

hi,

ok thanks for the info. let's get a couple of files checked out:

first to help show all files:
For XP: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types"
click apply to all folders, apply then ok

navigate here:
C:\WINDOWS\system32

see if you can locate these in the dir.:
3B348B9EA7.sys
DD4E39861A.sys

if so go to the website below, browse for the files again one by one and upload them by clicking the send button. they will be scanned, you can copy paste the results in your reply.

shelf life
How Can I Reduce My Risk?

#7 bskid25

Posted 04 June 2008 - 02:05 AM

hi, i'm sorry, i was able to locate the files... but i am confused as to which website you would like me to upload them to? i went to the one in ur sig i believe, but i just saw tips on malware, nowhere to upload/scan... is that the site you were talking about? sorry to slow down the process....

Billy

#8 shelf life

Posted 04 June 2008 - 03:36 PM

hi,

sorry, i didn't post the link. the website to upload the files to:

http://www.virustotal.com/
How Can I Reduce My Risk?

#9 bskid25

Posted 06 June 2008 - 09:43 PM

hello, i scanned those files on the site you posted:

File 3B348B9EA7.sys received on 06.07.2008 05:41:02 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.06 -
Avast 4.8.1195.0 2008.06.07 -
AVG 7.5.0.516 2008.06.06 -
BitDefender 7.2 2008.06.07 -
CAT-QuickHeal 9.50 2008.06.06 -
ClamAV 0.92.1 2008.06.06 -
DrWeb 4.44.0.09170 2008.06.06 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5855 2008.06.06 -
Ewido 4.0 2008.06.06 -
F-Prot 4.4.4.56 2008.06.06 -
F-Secure 6.70.13260.0 2008.06.06 -
Fortinet 3.14.0.0 2008.06.07 -
GData 2.0.7306.1023 2008.06.07 -
Ikarus T3.1.1.26.0 2008.06.07 -
Kaspersky 7.0.0.125 2008.06.07 -
McAfee 5312 2008.06.06 -
Microsoft None 2008.06.07 -
NOD32v2 3165 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.06 -
Prevx1 V2 2008.06.07 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.07 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.07 -
TheHacker 6.2.92.339 2008.06.07 -
VBA32 3.12.6.7 2008.06.06 -
VirusBuster 4.3.26:9 2008.06.06 -
Webwasher-Gateway 6.6.2 2008.06.06 -

Additional information
File size: 88 bytes
MD5...: c596deb6015893ed02ddb11f927688e6
SHA1..: 94903fb4d6b0d719d0e1716220c4d5346a39cd5b
SHA256: f0ca7b26ce18f2ec7baaba5b6dd16143f97bbbfc5151d32d2a86b9ea3ab96ff6
SHA512: e9cd57bda02d6a5fa586213ac4f363805381bddb0dd9f9e55d49890b764a60b9 e37b44d7fe78d772207d26596ea161b31a76f9e822abab5f0b0ffa80fef5ac10
PEiD..: -
PEInfo: -

File DD4E39861A.sys received on 06.07.2008 05:43:33 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 -
Authentium 5.1.0.4 2008.06.06 -
Avast 4.8.1195.0 2008.06.07 -
AVG 7.5.0.516 2008.06.06 -
BitDefender 7.2 2008.06.07 -
CAT-QuickHeal 9.50 2008.06.06 -
ClamAV 0.92.1 2008.06.06 -
DrWeb 4.44.0.09170 2008.06.06 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5855 2008.06.06 -
Ewido 4.0 2008.06.06 -
F-Prot 4.4.4.56 2008.06.06 -
F-Secure 6.70.13260.0 2008.06.06 -
Fortinet 3.14.0.0 2008.06.07 -
GData 2.0.7306.1023 2008.06.07 -
Ikarus T3.1.1.26.0 2008.06.07 -
Kaspersky 7.0.0.125 2008.06.07 -
McAfee 5312 2008.06.06 -
Microsoft None 2008.06.07 -
NOD32v2 3165 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.06 -
Prevx1 V2 2008.06.07 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.07 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.07 -
TheHacker 6.2.92.339 2008.06.07 -
VBA32 3.12.6.7 2008.06.06 -
VirusBuster 4.3.26:9 2008.06.06 -
Webwasher-Gateway 6.6.2 2008.06.06 -

Additional information
File size: 8 bytes
MD5...: 0641a46f1e58529a42ead4573a3a0861
SHA1..: 2fa91927668fb0b3a4da32722825e15080cb5c21
SHA256: 9d7d948ef1329cc1db5fb77cbe9ed7bbf7d74cd8be1ad214689ebbe52a2267cb
SHA512: a176bddbd12b058a1932bcf39e6b848c195b4293aad3dcb829ed8b093c2d096a deb5dbaf2e5182bebab7afb899c47f5e33298060f7cedbbd7ef569ac36f23a6e
PEiD..: -
PEInfo: -

#10 shelf life

Posted 07 June 2008 - 09:37 AM

hi bskid25, thanks for the info. they appear to be ok, nothing flagged at virustotal anyway. if you haven't rebooted your computer since the last hjt scan, please reboot and post a new hjt log. how's it looking on your end now?
How Can I Reduce My Risk?

#11 bskid25

Posted 11 June 2008 - 05:33 PM

the computer is running 100% better but when i run adware scans....they still always find something and delete it...when i run pcsafe it sometimes finds somethin w/netproject..but the computer runs good...when i turn the computer on after restarting it, this msg always pops up..."Error Loading C:\Windows\system32\sjwrsktp.dll, The Specified Module could not be found"...any ideas on that? anyway, heres a new hjt log...and by the way, thank you..



Logfile of HijackThis v1.99.1
Scan saved at 7:34:28 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AdwareFilter\adwarefilter.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM5bcd7db7] Rundll32.exe "C:\WINDOWS\system32\sjwrsktp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#12 shelf life

Posted 11 June 2008 - 06:02 PM

hi,

thanks for the info. we will use combofix.

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM5bcd7db7"=-


Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log and a new hjt log.

after the above:

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fix checked"
O4 - HKLM\..\Run: [BM5bcd7db7] Rundll32.exe "C:\WINDOWS\system32\sjwrsktp.dll",s

reboot once, rescan and post a final hjt log.

"pcsafe it sometimes finds somethin w/netproject"

is pcsafe a malware scanner? does it provide a path to the file it is finding?
How Can I Reduce My Risk?
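
The Run value removed in post #12 can be picked out of the thread's O4 lines mechanically. The Python below is an added example, not part of the thread and not code from HijackThis or ComboFix; the function names and the scoring heuristics are assumptions made for illustration, and the sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BM5bcd7db7] Rundll32.exe "C:\WINDOWS\system32\sjwrsktp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.+?)\] (.+)$')
# rundll32 [.exe] "<dll path>",<export>   (quotes optional)
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.I)
HEX_TAIL = re.compile(r'[0-9a-f]{8}$', re.I)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    dll: str = ""
    export: str = ""
    reasons: list = field(default_factory=list)


def parse_o4(log_text):
    """Return registry autoruns from O4 lines; startup-folder shortcuts are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue
        entry = Autorun(*m.groups())
        r = RUNDLL.match(entry.command)
        if r:
            entry.dll = ntpath.normpath(r.group(1))
            entry.export = r.group(2)
        entries.append(entry)
    return entries


def review_autoruns(log_text, file_exists=None):
    """Flag rundll32 autoruns that match two or more heuristics (illustrative only).

    file_exists is an optional callable(path) -> bool; when supplied, a DLL
    that is gone is reported as an orphaned Run value, which is the state
    that produces an "Error loading ..." dialog at logon.
    """
    flagged = []
    for entry in parse_o4(log_text):
        if not entry.dll:
            continue  # only DLLs launched through rundll32 are scored
        stem = ntpath.splitext(ntpath.basename(entry.dll))[0]
        if ntpath.dirname(entry.dll).lower().endswith("\\system32"):
            entry.reasons.append("dll directly in system32")
        if HEX_TAIL.search(entry.name):
            entry.reasons.append("value name ends in 8 hex digits")
        if len(entry.export) == 1:
            entry.reasons.append("one-character export")
        if not re.search(r'[aeiou]', stem, re.I):
            entry.reasons.append("dll name has no vowels")
        if file_exists is not None and not file_exists(entry.dll):
            entry.reasons.append("target missing (orphaned Run value)")
        if len(entry.reasons) >= 2:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for hit in review_autoruns(SAMPLE_LOG):
        print(f"{hit.hive}\\..\\{hit.key} [{hit.name}] -> {hit.dll}")
        for reason in hit.reasons:
            print("   -", reason)
```

The printer-driver entry DLCFCATS also runs through rundll32 but matches none of the heuristics, so only the entry named in the CFScript is reported.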

#13 bskid25

Posted 24 June 2008 - 11:40 PM

COMBOFIX log;

ComboFix 08-06-20.4 - Billy 2008-06-25 1:24:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.165 [GMT -4:00]
Running from: C:\Documents and Settings\Billy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Billy\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\homepage.html

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-11 01:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:29 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-02 00:49 . 2008-06-20 03:09 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-31 15:55 . 2008-05-31 15:55 0 --a------ C:\WINDOWS\BM5bcd7db7.xml
2008-05-28 20:20 . 2008-05-28 20:20 <DIR> d-------- C:\Program Files\iPod
2008-05-27 19:39 . 2008-05-27 19:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-27 18:57 . 2008-06-02 21:44 <DIR> d-------- C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 05:15 --------- d-----w C:\Program Files\mIRC
2008-06-25 04:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:25 --------- d-----w C:\Program Files\AdwareFilter
2008-06-25 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-20 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-20 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-18 05:37 --------- d--h--r C:\Documents and Settings\Billy\Application Data\yahoo!
2008-06-18 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-11 07:22 --------- d-----w C:\Program Files\Dl_cats
2008-06-03 21:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-01 02:55 --------- d-----w C:\Program Files\Google
2008-05-30 05:21 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-29 22:56 --------- d-----w C:\Program Files\Apple Software Update
2008-05-29 00:21 --------- d-----w C:\Program Files\iTunes
2008-05-29 00:10 --------- d-----w C:\Program Files\QuickTime
2008-05-23 20:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-23 02:54 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-23 02:39 --------- d-----w C:\Program Files\LimeWire
2008-05-23 02:38 --------- d-----w C:\Program Files\Java
2008-05-23 02:34 --------- d-----w C:\Program Files\Common Files\Java
2008-05-21 05:54 --------- d-----w C:\Documents and Settings\Billy\Application Data\PC Tools
2008-05-21 04:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-21 03:26 --------- d-----w C:\Documents and Settings\Billy\Application Data\SUPERAntiSpyware.com
2008-05-21 03:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-13 14:07 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 14:01 --------- d-----w C:\Documents and Settings\Billy\Application Data\U3
2008-05-13 06:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-05-13 00:57 --------- d-----w C:\Documents and Settings\Billy\Application Data\McAfee.com Personal Firewall
2008-05-13 00:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-05-13 00:39 --------- d-----w C:\Program Files\McAfee.com
2008-05-13 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-13 00:37 --------- d-----w C:\Program Files\McAfee
2008-05-13 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-12 05:10 1,998 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-12 04:51 --------- d-----w C:\Documents and Settings\Billy\Application Data\Move Networks
2008-05-11 07:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-28 12:03 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-28 12:03 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-25 21:05 29,150 ----a-w C:\Documents and Settings\Billy\Application Data\wklnhst.dat
2008-04-24 12:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-05-04 03:42 57,528 -c--a-w C:\Documents and Settings\Billy\Application Data\GDIPFONTCACHEV1.DAT
2007-03-28 07:08 87,608 -c--a-w C:\Documents and Settings\Billy\Application Data\ezpinst.exe
2007-03-28 07:08 47,360 -c--a-w C:\Documents and Settings\Billy\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,160 2005-08-05 19:08:26 C:\Program Files\AIM\bak\aim.exe
----a-w 67,112 2006-08-01 20:35:36 C:\Program Files\AIM\aim.exe

----a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1155592687\ee\bak\AOLHostManager.exe

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 58,992 2004-12-13 20:30:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 53,248 2005-02-23 21:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe

----a-w 1,032,192 2006-04-06 19:58:52 C:\Program Files\Dell\QuickSet\bak\quickset.exe

----a-w 460,784 2007-03-15 15:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 385,024 2004-10-30 19:59:54 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe

----a-w 267,048 2007-11-02 23:36:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 14:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-07-12 09:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 20,480 2003-09-10 07:24:00 C:\Program Files\NetWaiting\bak\netWaiting.exe

----a-w 1,537,696 2005-12-07 21:05:30 C:\Program Files\Norton Ghost\Agent\bak\GhostTray.exe

----a-w 286,720 2007-10-20 01:16:26 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 03:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 761,947 2006-03-08 23:48:02 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

----a-w 48 2008-02-01 05:30:52 C:\Program Files\Trend Micro\Internet Security 12\bak\pc-cillin.ini

----a-w 823,362 2005-08-23 03:21:24 C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe

----a-w 176,201 2006-04-11 23:39:22 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe
----a-w 176,201 2006-04-12 00:39:22 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 77,824 2005-10-15 01:46:34 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-10-15 01:50:30 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-10-15 01:49:46 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 155,648 2001-07-09 14:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 127,035 2004-12-06 06:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 00:22 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-03 17:53 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 14:26 212992]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 17:52 999424]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 18:06 110592]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 19:05 1117184]
"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2005-07-26 14:49 294912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Systray"="sockins32.dll" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AdwareFilter Background Protection.lnk - C:\Program Files\AdwareFilter\adwarefilter.exe [2008-05-08 02:04:32 4568376]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-10-23 02:15:44 303104]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"VIDC.X264"= x264vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
C:\DOCUME~1\Billy\MYDOCU~1\SSTEM3~1\smss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-19 00:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155592687\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05c8735a-2097-11dd-94ff-00166fa0d1bf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cb8c0c0-37fa-11db-9448-0015c5639485}]
\Shell\AutoRun\command - F:\autorun\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 15:19:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (BILLYSLAPTOP-Administrator).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-06-21 01:11:20 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 01:30:39
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-25 1:34:25
ComboFix-quarantined-files.txt 2008-06-25 05:34:12
ComboFix2.txt 2008-05-31 19:53:42

Pre-Run: 9,546,895,360 bytes free
Post-Run: 9,710,280,704 bytes free

226 --- E O F --- 2008-06-20 07:01:50




As for HJT, I ran the scan and that file you typed did not appear on the listing... here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:57 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AdwareFilter\adwarefilter.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.warwick.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe




And also, pcsafe is a malware scanner, but as far as I'm aware it doesn't provide a path... just says what it finds, and to remove/quarantine.
