mauilaui

Posts posted by mauilaui

  1. Please download SmitfraudFix (by S!Ri) to your Desktop. (Some AVs will say that parts of it are malware; they are not.)

    Now, you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.

    Once in Safe Mode, double-click on SmitfraudFix.exe

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with the ComboFix log (below).

    Download ComboFix to your desktop.

    Double-click combofix.exe

    Follow the prompts.

    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

    Post

    • C:\rapport.txt
    • c:\Combofix.txt

    in your next reply.

    Warning: running option #2 on a non-infected computer will remove your Desktop background.

    Thank you for the instruction. As directed:

    SmitFraudFix v2.274

    Scan done at 20:47:44.59, Thu 12/27/2007

    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    The filesystem type is NTFS

    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\privacy_danger\ Deleted

    C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted

    C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted

    C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted

    C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted

    C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted

    C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: DhcpNameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: DhcpNameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: DhcpNameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.115.155,85.255.112.128

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.155 85.255.112.128

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.155 85.255.112.128

    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.155 85.255.112.128

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"="kdgzt.exe"

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

    C:\WINDOWS\system32\kdgzt.exe Deleted

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» End

    And

    ComboFix 07-12-28.1 - Owner 2007-12-27 21:01:50.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.65 [GMT -6:00]

    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Program Files\FunWebProducts

    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

    C:\Program Files\internet explorer\msimg32.dll

    C:\Program Files\MediaVideoCodec

    C:\Program Files\MediaVideoCodec\install.ico

    C:\Program Files\MediaVideoCodec\MediaVideoCodec.ocx

    C:\Program Files\MediaVideoCodec\Uninstall.exe

    C:\Program Files\MyWebSearch

    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

    C:\Program Files\MyWebSearch\bar\Cache\000543C7

    C:\Program Files\MyWebSearch\bar\Cache\002689D8

    C:\Program Files\MyWebSearch\bar\Cache\01DBD059

    C:\Program Files\MyWebSearch\bar\Cache\0446A138.bin

    C:\Program Files\MyWebSearch\bar\Cache\0446A251.bin

    C:\Program Files\MyWebSearch\bar\Cache\0446A31C.bin

    C:\Program Files\MyWebSearch\bar\Cache\0446A3F7.bin

    C:\Program Files\MyWebSearch\bar\Cache\0AEB93B9

    C:\Program Files\MyWebSearch\bar\Cache\20C471A6.bin

    C:\Program Files\MyWebSearch\bar\Cache\20C47EE5.bin

    C:\Program Files\MyWebSearch\bar\Cache\20C4806B.bin

    C:\Program Files\MyWebSearch\bar\Cache\20C48146.bin

    C:\Program Files\MyWebSearch\bar\Cache\20C48202

    C:\Program Files\MyWebSearch\bar\Cache\297F776C

    C:\Program Files\MyWebSearch\bar\Cache\37811BAD

    C:\Program Files\MyWebSearch\bar\Cache\files.ini

    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

    C:\Program Files\MyWebSearch\bar\History\search2

    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm

    C:\Program Files\MyWebSearch\bar\Settings\settings.dat

    C:\WINDOWS\alxvdvm.dll

    C:\WINDOWS\bvtqfvx.dll

    C:\WINDOWS\dat.txt

    C:\WINDOWS\domnftwmnf.dll

    C:\WINDOWS\emlkdvo.dll

    C:\WINDOWS\fvkwdrt.exe

    C:\WINDOWS\rs.txt

    C:\WINDOWS\search_res.txt

    .

    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))

    .

    2007-12-27 20:48 . 2007-12-27 20:48 3,112 --a------ C:\WINDOWS\system32\tmp.reg

    2007-12-27 20:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

    2007-12-27 20:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

    2007-12-27 20:47 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

    2007-12-27 20:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

    2007-12-27 20:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

    2007-12-27 20:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

    2007-12-26 19:18 . 2007-09-17 10:09 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys

    2007-12-26 19:18 . 2007-09-17 10:09 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys

    2007-12-26 19:17 . 2007-12-26 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro

    2007-12-23 16:56 . 2007-12-23 16:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData

    2007-12-23 12:51 . 2007-09-17 10:09 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

    2007-12-23 12:49 . 2007-12-25 21:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6

    2007-12-23 11:58 . 2007-12-25 22:43 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6

    2007-12-23 09:57 . 2007-12-26 21:04 <DIR> d-------- C:\Program Files\AdwareRemover2007

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-12-27 03:19 --------- d-----w C:\Program Files\Trend Micro

    2007-12-23 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2007-11-24 21:36 --------- d-----w C:\Program Files\Disney

    2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll

    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

    2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

    2007-10-29 03:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks

    2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

    2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

    2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll

    2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll

    2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll

    2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

    2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

    2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll

    2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll

    2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

    2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

    2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

    2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll

    2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

    2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

    2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll

    2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll

    2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll

    2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll

    2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll

    2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 12:07]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]

    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11]

    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11]

    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04]

    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24]

    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54]

    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 06:50]

    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-25 20:24]

    "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 16:42]

    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-17 10:05]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-14 23:11:40]

    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]

    *Newly Created Service* - CATCHME

    *Newly Created Service* - PROCEXP90

    .

    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-27 21:09:44

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2007-12-27 21:10:18

    .

    2007-12-22 15:26:07 --- E O F ---

  2. Greetings. I am in a bad spot as my laptop has been taken over. I could not tell you what website or email caused my issues, but they are severe. My "home" page changes on its own to an antivirus solicitation (adwareremover2007 or apantiviruspro) and the system is constantly prompting to scan for virus activity. My hijackthis log is below. Thank you greatly in advance for whatever help you can provide.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:54:28 PM, on 12/26/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Trend Micro\BM\TMBMSRV.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    C:\Program Files\Common Files\AOL\1139417063\ee\aolsoftware.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\alg.exe

    C:\Program Files\HPQ\SHARED\HPQWMI.exe

    c:\program files\common files\aol\1139417063\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe

    c:\program files\common files\aol\1139417063\ee\aolsoftware.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Program Files\Trend Micro\Internet Security\UfNavi.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {4AAC4708-FE47-4B80-92EF-47406444DDD2} - (no file)

    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

    O2 - BHO: (no name) - {6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F} - (no file)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwmnf.dll

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

    O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer = 85.255.115.155,85.255.112.128

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer = 85.255.115.155,85.255.112.128

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer = 85.255.115.155,85.255.112.128

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.128

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.128

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.128

    O21 - SSODL: bvtqfvx - {5C2E186F-3425-4913-8E62-B5100228571E} - C:\WINDOWS\bvtqfvx.dll

    O21 - SSODL: alxvdvm - {9141B5B7-20FB-4498-832A-84F7E47A1BFC} - C:\WINDOWS\alxvdvm.dll

    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --

    End of file - 9171 bytes