mauilaui
-
Content Count
2 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by mauilaui
-
-
Greetings. I am in a bad spot as my laptop has been taken over. I could not tell you what website or email caused my issued, but they are severe. My "home" pag changes on its own to an antivius solicitation (adwareremover2007 or apantiviruspro) and the system is constantly prompting to scan for virus activity. My hijackthis log is below. Thank you greatly in advance for whatever help you can provide.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:28 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\AOL\1139417063\ee\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
c:\program files\common files\aol\1139417063\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1139417063\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AAC4708-FE47-4B80-92EF-47406444DDD2} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: (no name) - {6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: BDEX System - {C2DE4340-CB68-450F-90CD-9BE1A26739D7} - C:\WINDOWS\domnftwmnf.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The emlkdvo - {47906C8A-7A72-45A8-AA59-0CEC20BD3B36} - C:\WINDOWS\emlkdvo.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer = 85.255.115.155,85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer = 85.255.115.155,85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer = 85.255.115.155,85.255.112.128
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.128
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.155 85.255.112.128
O21 - SSODL: bvtqfvx - {5C2E186F-3425-4913-8E62-B5100228571E} - C:\WINDOWS\bvtqfvx.dll
O21 - SSODL: alxvdvm - {9141B5B7-20FB-4498-832A-84F7E47A1BFC} - C:\WINDOWS\alxvdvm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9171 bytes
Malware Issues[INACTIVE]
in Malware Removal
Posted
Thank you for the instruction. As directed:
SmitFraudFix v2.274
Scan done at 20:47:44.59, Thu 12/27/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: DhcpNameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: DhcpNameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: DhcpNameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9B089F64-D02A-4C6F-A0BC-B79D9EA3D9E8}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FE299B7-D42F-44D5-9EFF-19CBB1D76B88}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF176388-2A0B-4F27-AFD7-9A9594E821B7}: NameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F10AE339-AE5C-4793-9074-737A3C21CD99}: DhcpNameServer=85.255.115.155,85.255.112.128
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.155 85.255.112.128
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.155 85.255.112.128
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.155 85.255.112.128
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdgzt.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdgzt.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
And
ComboFix 07-12-28.1 - Owner 2007-12-27 21:01:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.65 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MediaVideoCodec
C:\Program Files\MediaVideoCodec\install.ico
C:\Program Files\MediaVideoCodec\MediaVideoCodec.ocx
C:\Program Files\MediaVideoCodec\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\000543C7
C:\Program Files\MyWebSearch\bar\Cache\002689D8
C:\Program Files\MyWebSearch\bar\Cache\01DBD059
C:\Program Files\MyWebSearch\bar\Cache\0446A138.bin
C:\Program Files\MyWebSearch\bar\Cache\0446A251.bin
C:\Program Files\MyWebSearch\bar\Cache\0446A31C.bin
C:\Program Files\MyWebSearch\bar\Cache\0446A3F7.bin
C:\Program Files\MyWebSearch\bar\Cache\0AEB93B9
C:\Program Files\MyWebSearch\bar\Cache\20C471A6.bin
C:\Program Files\MyWebSearch\bar\Cache\20C47EE5.bin
C:\Program Files\MyWebSearch\bar\Cache\20C4806B.bin
C:\Program Files\MyWebSearch\bar\Cache\20C48146.bin
C:\Program Files\MyWebSearch\bar\Cache\20C48202
C:\Program Files\MyWebSearch\bar\Cache\297F776C
C:\Program Files\MyWebSearch\bar\Cache\37811BAD
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\bvtqfvx.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\domnftwmnf.dll
C:\WINDOWS\emlkdvo.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.
2007-12-27 20:48 . 2007-12-27 20:48 3,112 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-27 20:47 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-27 20:47 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-27 20:47 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-27 20:47 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-27 20:47 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-27 20:47 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-26 19:18 . 2007-09-17 10:09 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2007-12-26 19:18 . 2007-09-17 10:09 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2007-12-26 19:17 . 2007-12-26 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-12-23 16:56 . 2007-12-23 16:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-23 12:51 . 2007-09-17 10:09 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-23 12:49 . 2007-12-25 21:48 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2007-12-23 11:58 . 2007-12-25 22:43 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2007-12-23 09:57 . 2007-12-26 21:04 <DIR> d-------- C:\Program Files\AdwareRemover2007
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 03:19 --------- d-----w C:\Program Files\Trend Micro
2007-12-23 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-24 21:36 --------- d-----w C:\Program Files\Disney
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 03:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 12:07]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 06:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 06:11]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 14:54]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 06:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-25 20:24]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 16:42]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-09-17 10:05]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-14 23:11:40]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 09:18]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 21:09:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-27 21:10:18
.
2007-12-22 15:26:07 --- E O F ---