pudgmo
-
Content Count
10 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by pudgmo
-
-
The computer seems to be running fine now, Thanks!
ComboFix 07-12-21.4 - Owner 2007-12-29 6:44:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.489 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sj404to
C:\sj404to\hpcd.sjp
C:\sj404to\setup.exe
C:\sj404to\usdsloc.dll
C:\sj407
C:\sj407\ipesrcs.src
C:\sj407\Setup.exe
C:\sj407\updatloc.dll
C:\sj653
C:\sj700
C:\sj700\hpcd.sjp
C:\sj700\HpGenUI.dll
C:\sj700\ppt8dll.dll
C:\sj700\Setup.exe
C:\sj700\updatloc.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.
2007-12-20 17:24 . 2007-12-20 17:24 <DIR> d-------- C:\Deckard
2007-12-18 07:05 . 2007-12-18 07:06 <DIR> d-------- C:\Documents and Settings\Owner\SmitfraudFix
2007-12-16 12:50 . 2007-12-18 07:05 3,712 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 12:48 . 2007-12-16 12:49 1,125,659 --a------ C:\SmitfraudFix.exe
2007-12-16 12:41 . 2007-12-16 12:41 <DIR> d-------- C:\HostsXpert
2007-12-15 11:41 . 2007-12-15 16:10 <DIR> d-------- C:\Program Files\WinSpyKiller
2007-11-30 18:53 . 2007-11-30 18:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWin
2007-11-30 18:25 . 2007-12-15 16:08 <DIR> d-------- C:\Program Files\Alawar
2007-11-29 08:11 . 2007-12-02 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-29 07:19 . 2001-10-16 10:20 53,248 --a------ C:\WINDOWS\system32\hpsjusd.dll
2007-11-29 07:19 . 2001-10-16 10:20 32,768 --a------ C:\WINDOWS\system32\hpsjrreg.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 12:46 7,445,792 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-28 01:07 99,740 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-15 22:12 --------- d-----w C:\Program Files\Google
2007-11-29 14:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-11-27 12:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-26 12:47 17,393,684 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_22_03_50_full.dmp.zip
2007-11-26 12:46 2,217,469 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-26 12:46 17,139,898 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_22_03_37_full.dmp.zip
2007-11-24 17:31 512 ----a-w C:\ScanSectorLog.dat
2007-11-23 17:29 --------- d-----w C:\Program Files\iPod
2007-11-23 17:27 --------- d-----w C:\Program Files\QuickTime
2007-11-22 18:03 17,152,223 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_19_20_05_00_full.dmp.zip
2007-11-14 22:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 22:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-02 12:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-27_18.56.54.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-27 05:42:41 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-29 07:07:24 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2007-12-28 00:51:18 389,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2007-12-29 12:43:25 392,628 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2007-12-27 16:02:34 7,302,948 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-12-29 10:00:39 7,361,875 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 16:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 12:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"CHotkey"="zHotkey.exe" [2004-05-17 19:30 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 10:09 C:\WINDOWS\ShowWnd.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 22:05]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 17:54 C:\WINDOWS\SOUNDMAN.EXE]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 10:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="H:\My Music\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"hpsjbmgr"="C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe" []
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-09 16:14:36]
Billminder.lnk - D:\Program Files\QUICKEN2007\BILLMIND.EXE [2007-09-01 11:52:49]
Quicken Startup.lnk - D:\Program Files\QUICKEN2007\QWDLLS.EXE [2007-09-01 11:52:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-11-10 09:30]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-11-10 09:49]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ca64f9-5a93-11dc-b56e-0013d32d4d40}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 15:40:56 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 06:46:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-29 6:47:17
C:\ComboFix2.txt ... 2007-12-27 18:57
.
2007-12-12 12:27:42 --- E O F ---
-----------------------------------------------------------------------------------------------------
hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:44 AM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Backup\Down Load\HJTInstall.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKEN2007\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKEN2007\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196101136996
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5773 bytes
-
That did it...
ComboFix 07-12-21.4 - Owner 2007-12-27 18:53:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.474 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.
2007-12-20 17:24 . 2007-12-20 17:24 <DIR> d-------- C:\Deckard
2007-12-18 07:05 . 2007-12-18 07:06 <DIR> d-------- C:\Documents and Settings\Owner\SmitfraudFix
2007-12-16 12:50 . 2007-12-18 07:05 3,712 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 12:48 . 2007-12-16 12:49 1,125,659 --a------ C:\SmitfraudFix.exe
2007-12-16 12:41 . 2007-12-16 12:41 <DIR> d-------- C:\HostsXpert
2007-12-15 11:41 . 2007-12-15 16:10 <DIR> d-------- C:\Program Files\WinSpyKiller
2007-11-30 18:53 . 2007-11-30 18:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iWin
2007-11-30 18:25 . 2007-12-15 16:08 <DIR> d-------- C:\Program Files\Alawar
2007-11-29 08:11 . 2007-12-02 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-29 07:25 . 2007-11-29 07:25 <DIR> d-------- C:\sj700
2007-11-29 07:19 . 2007-11-29 07:22 <DIR> d-------- C:\sj653
2007-11-29 07:19 . 2007-11-29 07:19 <DIR> d-------- C:\sj407
2007-11-29 07:19 . 2001-10-16 10:20 53,248 --a------ C:\WINDOWS\system32\hpsjusd.dll
2007-11-29 07:19 . 2001-10-16 10:20 32,768 --a------ C:\WINDOWS\system32\hpsjrreg.exe
2007-11-29 07:17 . 2007-12-26 14:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-29 07:17 . 2007-11-29 07:17 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-29 06:06 . 2007-11-29 06:06 <DIR> d-------- C:\sj404to
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 00:56 7,363,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 20:26 99,308 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-15 22:12 --------- d-----w C:\Program Files\Google
2007-11-29 14:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-11-27 12:08 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-26 12:47 17,393,684 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_22_03_50_full.dmp.zip
2007-11-26 12:46 2,217,469 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-26 12:46 17,139,898 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_25_22_03_37_full.dmp.zip
2007-11-24 17:31 512 ----a-w C:\ScanSectorLog.dat
2007-11-23 17:29 --------- d-----w C:\Program Files\iPod
2007-11-23 17:27 --------- d-----w C:\Program Files\QuickTime
2007-11-22 18:03 17,152,223 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_19_20_05_00_full.dmp.zip
2007-11-14 22:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 22:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-02 12:12 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 16:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 12:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"CHotkey"="zHotkey.exe" [2004-05-17 19:30 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 10:09 C:\WINDOWS\ShowWnd.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 22:05]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 17:54 C:\WINDOWS\SOUNDMAN.EXE]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-10 10:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="H:\My Music\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"hpsjbmgr"="C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe" []
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-09 16:14:36]
Billminder.lnk - D:\Program Files\QUICKEN2007\BILLMIND.EXE [2007-09-01 11:52:49]
Quicken Startup.lnk - D:\Program Files\QUICKEN2007\QWDLLS.EXE [2007-09-01 11:52:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-11-10 09:30]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-11-10 09:49]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ca64f9-5a93-11dc-b56e-0013d32d4d40}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 15:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 18:56:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-27 18:57:36
.
2007-12-12 12:27:42 --- E O F ---
_____________________________________________________________________________
HJT log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:14 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealArcade\RNArcade.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Backup\Down Load\HJTInstall.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKEN2007\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKEN2007\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196101136996
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5637 bytes
-
It say's combofix.exe is not a valid win32 application.
-
Hi, Sorry it took so long. I'm showing hidden and system files...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:01 AM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Backup\Down Load\HJTInstall.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKEN2007\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKEN2007\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196101136996
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5753 bytes
-
Main.txt:
Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-20 17:25:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
67: 2007-12-20 23:25:11 UTC - RP103 - Deckard's System Scanner Restore Point
66: 2007-12-20 16:19:21 UTC - RP102 - System Checkpoint
65: 2007-12-19 15:19:22 UTC - RP101 - System Checkpoint
64: 2007-12-18 14:41:51 UTC - RP100 - System Checkpoint
63: 2007-12-16 22:14:14 UTC - RP99 - System Checkpoint
-- First Restore Point --
1: 2007-09-22 00:15:46 UTC - RP37 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:27 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
D:\Backup\Down Load\dss.exe
D:\Backup\DOWNLO~1\Owner.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKEN2007\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKEN2007\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196101136996
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5729 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-12-14 09:40:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-11-20 and 2007-12-20 -----------------------------
2007-12-18 07:05:03 0 d-------- C:\Documents and Settings\Owner\SmitfraudFix
2007-12-16 12:50:23 3712 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-16 12:48:10 1125659 --a------ C:\SmitfraudFix.exe
2007-12-16 12:41:15 0 d-------- C:\HostsXpert
2007-12-16 12:34:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-12-15 11:41:23 0 d-------- C:\Program Files\WinSpyKiller
2007-11-30 18:53:15 0 d-------- C:\Documents and Settings\Owner\Application Data\iWin
2007-11-30 18:25:00 0 d-------- C:\Program Files\Alawar
2007-11-29 08:11:53 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-29 07:25:04 0 d-------- C:\sj700
2007-11-29 07:19:51 53248 --a------ C:\WINDOWS\system32\hpsjusd.dll <Not Verified; Hewlett-Packard Company; Hewlett-Packard Hpsjusd>
2007-11-29 07:19:51 32768 --a------ C:\WINDOWS\system32\hpsjrreg.exe <Not Verified; Hewlett-Packard; HPSJRREG Application>
2007-11-29 07:19:43 0 d-------- C:\sj653
2007-11-29 07:19:20 0 d-------- C:\sj407
2007-11-29 07:11:50 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2007-11-29 07:11:48 350208 --a------ C:\WINDOWS\system32\ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 55296 --a------ C:\WINDOWS\system32\ltfil70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 93184 --a------ C:\WINDOWS\system32\lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 111104 --a------ C:\WINDOWS\system32\lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 24576 --a------ C:\WINDOWS\system32\lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 95232 --a------ C:\WINDOWS\system32\Lfkodak.dll
2007-11-29 07:11:48 32768 --a------ C:\WINDOWS\system32\lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 35328 --a------ C:\WINDOWS\system32\lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 306688 --a------ C:\WINDOWS\system32\Lffpx7.dll <Not Verified; ; Reference Implementation>
2007-11-29 07:11:48 55808 --a------ C:\WINDOWS\system32\lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 224768 --a------ C:\WINDOWS\system32\LFCMP70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:48 24576 --a------ C:\WINDOWS\system32\lfbmp70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2007-11-29 07:11:47 13824 --a------ C:\WINDOWS\system32\reg32.dll <Not Verified; Hewlett-Packard, GHC; Hewlett-Packard, GHC reg32>
2007-11-29 07:11:47 12288 --a------ C:\WINDOWS\system32\hpsmui.dll <Not Verified; Hewlett-Packard; HPSCNMGR Dynamic Link Library>
2007-11-29 07:11:47 16384 --a------ C:\WINDOWS\system32\hpsj32.dll <Not Verified; Hewlett-Packard Company; HP ScanJet Scanners>
2007-11-29 07:11:47 928 --a------ C:\WINDOWS\system32\hpsj1695.dll
2007-11-29 07:11:47 417792 --a------ C:\WINDOWS\system32\hpscntst.dll <Not Verified; Hewlett-Packard; HP ScanJet Scanner Test>
2007-11-29 07:11:47 245760 --a------ C:\WINDOWS\system32\hpscnmgr.dll <Not Verified; Hewlett-Packard; HPSCNMGR Dynamic Link Library>
2007-11-29 07:11:46 669696 --a------ C:\WINDOWS\system32\ipeistor11.dll <Not Verified; Hewlett-Packard Company; IPEISTOR Dynamic Link Library>
2007-11-29 07:11:45 325120 --a------ C:\WINDOWS\system32\ipebase11.dll <Not Verified; Hewlett-Packard Company; IPEBASE Dynamic Link Library>
2007-11-29 07:11:45 66560 --a------ C:\WINDOWS\system32\ipeapi11.dll <Not Verified; Hewlett-Packard Company; IPEAPI Dynamic Link Library>
2007-11-29 07:11:37 0 d-------- C:\SCANJET
2007-11-29 07:11:25 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-11-29 07:11:08 0 d-------- C:\sj398
2007-11-29 06:06:46 0 d-------- C:\sj404to
2007-11-27 06:08:05 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-23 11:26:17 0 d-------- C:\Program Files\QuickTime
-- Find3M Report ---------------------------------------------------------------
2007-12-19 23:51:01 16 --a------ C:\WINDOWS\popcinfo.dat
2007-12-19 23:39:47 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-15 16:12:42 0 d-------- C:\Program Files\Google
2007-11-29 08:16:59 0 d-------- C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-11-24 11:31:05 512 --a------ C:\ScanSectorLog.dat
2007-11-23 11:29:32 0 d-------- C:\Program Files\iPod
2007-10-23 05:47:17 0 d-------- C:\Program Files\Java
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 12:04 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"CHotkey"="zHotkey.exe" [05/17/2004 07:30 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 10:09 AM C:\WINDOWS\ShowWnd.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 04:04 PM]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/17/2005 10:05 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 09:24 PM]
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 05:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [11/10/2004 10:03 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="H:\My Music\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"hpsjbmgr"="C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe" []
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 01:00 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 04:18 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/9/2007 4:14:36 PM]
Billminder.lnk - D:\Program Files\QUICKEN2007\BILLMIND.EXE [9/1/2007 11:52:49 AM]
Quicken Startup.lnk - D:\Program Files\QUICKEN2007\QWDLLS.EXE [9/1/2007 11:52:54 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38ca64f9-5a93-11dc-b56e-0013d32d4d40}]
AutoRun\command- M:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-12-20 17:27:06 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon 64 Processor 3400+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 894.48 MiB / 445.64 MiB
Pagefile Memory (total/avail): 2166.25 MiB / 1758.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.31 MiB
C: is Fixed (NTFS) - 182.1 GiB total, 92.81 GiB free.
D: is Fixed (FAT32) - 18.67 GiB total, 15.48 GiB free.
E: is Fixed (FAT32) - 4.2 GiB total, 1.01 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Fixed (FAT32) - 153.35 GiB total, 79.37 GiB free.
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
\\.\PHYSICALDRIVE1 - SAMSUNG SV2001H - 18.68 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.68 GiB - D:
\\.\PHYSICALDRIVE0 - ST3200021A - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 182.1 GiB - C:
\PARTITION1 - Unknown - 4.21 GiB - E:
\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device
\\.\PHYSICALDRIVE6 - HDS72251 6VLAT20 USB Device - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 153.38 GiB - H:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\\My Music\\iTunes\\iTunes.exe"="H:\\My Music\\iTunes\\iTunes.exe:*:Enabled:iTunes"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=600539OO9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\600539OO9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=600539OO9
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Owner (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon PhotoRecord --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot A40 WIA Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PowerShot A40 WIA\Uninst.isu" -c"C:\Program Files\Canon\PowerShot A40 WIA\UNSTD113.dll"
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
HijackThis 2.0.2 --> "D:\Backup\Down Load\HijackThis.exe" /uninstall
HP PrecisionScan LT Software --> C:\SCANJET\PrecisionScanLT\uninstal.exe C:\SCANJET\PrecisionScanLT\uninstal.cfg
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Links LS 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Games\Links LS 2000\Uninst.isu"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
MultiMedia Software --> C:\Program Files\Video Add-on\uninst.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\Setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Ghost 9.0 --> MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2002 Basic --> C:\WINDOWS\IsUninst.exe -f"D:\Program Files\QUICKEN2007\Uninst.isu" -c"D:\Program Files\QUICKEN2007\uninst.dll"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) -->
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB890760 -->
Windows XP Media Center Edition 2005 KB895198 -->
Windows XP Media Center Edition 2005 KB895678 -->
ZoneAlarm Security Suite --> D:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type379 / Error
Event Submitted/Written: 12/16/2007 06:47:05 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 00000009.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Event Record #/Type378 / Error
Event Submitted/Written: 12/16/2007 06:47:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module mscorie.dll, version 1.1.4322.2407, fault address 0x00005c80.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type349 / Error
Event Submitted/Written: 12/09/2007 11:11:02 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application JewelQuest.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type348 / Error
Event Submitted/Written: 12/09/2007 11:10:52 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 110758212.
Event Record #/Type347 / Error
Event Submitted/Written: 12/09/2007 11:10:43 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 110758212.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2397 / Warning
Event Submitted/Written: 12/18/2007 09:57:35 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type2374 / Error
Event Submitted/Written: 12/18/2007 07:15:52 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ASPI32 service failed to start due to the following error:
%%2
Event Record #/Type2370 / Error
Event Submitted/Written: 12/18/2007 07:14:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type2369 / Error
Event Submitted/Written: 12/18/2007 07:06:36 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Event Record #/Type2368 / Error
Event Submitted/Written: 12/18/2007 07:06:34 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
-- End of Deckard's System Scanner: finished at 2007-12-20 17:27:06 ------------
Thanks again!
-
Thanks!
I followed the steps, it didn't ask to replace wininet.dll, it did launch disk cleanup 2X's??? Also it did remove my desktop background. here are the results from rapport.txt...
SmitFraudFix v2.269
Scan done at 7:05:46.31, Tue 12/18/2007
Run from C:\Documents and Settings\Owner\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\wowlze.dll Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Helper\ Deleted
C:\Program Files\Video Add-on\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2D3F4D4E-306E-47F7-806B-7A969424972C}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2D3F4D4E-306E-47F7-806B-7A969424972C}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2D3F4D4E-306E-47F7-806B-7A969424972C}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Thanks,
I ran HostsXpert with all the steps. Same result with smitfraudfix. I also tried it with firefox.
Edit: I shutdown zone alarm and got smitfraudfix, here's the log.
SmitFraudFix v2.269
Scan done at 12:50:19.92, Sun 12/16/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\wowlze.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Helper\ FOUND !
C:\Program Files\Video Add-on\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2D3F4D4E-306E-47F7-806B-7A969424972C}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2D3F4D4E-306E-47F7-806B-7A969424972C}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2D3F4D4E-306E-47F7-806B-7A969424972C}: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 205.171.3.65
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
SmitfraudFix (by S!Ri) to your Desktop.
Thanks for helping MoNsTeR!
When I click on...
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
I get 'Internet explorer cannot display webpage.'
I tried http://siri.urz.free.fr and clicked on smitfraudfix, same result.
Edit: BTW it has also hijaked my homepage to http://iesecurepages.com/redirect.php
Edit II: I ran ms malicious software removal tool from http://www.microsoft.com/security/malwareremove/default.mspx
That seems to have gotten rid of the messages (and the hijack).
I re ran hjt, here's the log
Regards
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:16 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
D:\Backup\Down Load\HJTInstall.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKEN2007\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKEN2007\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196101136996
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6500 bytes
-
Hi,
I'm getting messages about having spyware when I start ie. the first one is a message box telling me I have W32.Myzor.FK@yf and wanting me to buyt he removal tool. then I get a ballon saying it found Trojan-Spy.Win32@mx and wanting me to buy he removal tool, Help!
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:14 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
H:\My Music\iTunes\iTunesHelper.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\QUICKEN2007\QWDLLS.EXE
D:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
D:\Backup\Down Load\HJTInstall.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: IE Custom Tools - {F2BADA0D-FD61-45EF-A994-64A073FD6613} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\My Music\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpsjbmgr] C:\SCANJET\PrecisionScanLT\hpsjbmgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Billminder.lnk = D:\Program Files\QUICKEN2007\BILLMIND.EXE
O4 - Global Startup: Quicken Startup.lnk = D:\Program Files\QUICKEN2007\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.securesoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196101136996
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7052 bytes
Remove Trojans
in Malware Removal
Posted
Thanks sarahw! all looks good.
Thanks for he links too.