Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I believe my computer is infected with malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I believe my computer is infected with malware

Unread postby JLHJR » March 10th, 2008, 6:52 pm

Hello I have been having problems with my computer running slow for the past couple of months please help.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:43 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG AntiSpyware 7.5\guard.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\SYSTEM32\ZONELABS\avsys\ScanningProcess.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\Google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [2wSysTray] "C:\Program Files\2Wire\2PortalMon.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rcnaip] c:\windows\system32\rcnaip.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F141395-C5AC-43DC-ABA9-095DED7DBBDA}: NameServer = 85.255.113.205,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.205 85.255.112.66
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Unknown owner - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE (file missing)

--
End of file - 12771 bytes
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm
Advertisement
Register to Remove

Re: I believe my computer is infected with malware

Unread postby Shaba » March 15th, 2008, 6:55 am

Hi JLHJR

How much RAM you have?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 17th, 2008, 10:42 pm

Hello Shaba

640 MB of RAM
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby Shaba » March 18th, 2008, 9:39 am

Hi

Thanks for the info.

We'll continue with this:

Please click this link-->Jotti

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

c:\windows\system32\rcnaip.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 18th, 2008, 5:26 pm

Hello

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby Shaba » March 19th, 2008, 5:22 am

Hi

Does that file exist anyway?

Please do the following:

Please do a search:
  • Go "Start">"Search">"All Files and Folders"
  • Enter rcnaip.exe in "All or part of file name"
  • Select "More advanced options"
  • Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders".
  • Click "Search".

And tell me results :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 19th, 2008, 2:30 pm

Hi Shaba

I don't think that file exist, no sign of it in my search
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby Shaba » March 19th, 2008, 2:41 pm

Hi

Thanks for the info.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lo ... areout.exe

  • Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.
  • Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 19th, 2008, 5:32 pm

Hi

Username - 03/19/2008 16:05:00 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdohq.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.205 85.255.112.66" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5F141395-C5AC-43DC-ABA9-095DED7DBBDA}
"nameserver"="85.255.113.205,85.255.112.66" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{C85DF9C9-E711-4604-8E22-B83A200D8236}
"DhcpNameServer"="85.255.113.205,85.255.112.66" <Value cleared.

Could not flush the DNS Resolver Cache: Function failed during execution.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\TEMP\kdohq.ren 63453 08/04/2004

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Microsoft Works Portfolio"="\"C:\\Program Files\\Microsoft Works\\WksSb.exe\" /AllUsers"
"Microsoft Works Update Detection"="\"C:\\Program Files\\Microsoft Works\\WkDetect.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Sunkist2k"="\"C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe\""
"QuickFinder Scheduler"="\"C:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"2wSysTray"="\"C:\\Program Files\\2Wire\\2PortalMon.exe\""
"IPInSightMonitor 01"="\"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\IP InSight\\IPMon32.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"rcnaip"="c:\\windows\\system32\\rcnaip.exe"
"YOP"="\"C:\\PROGRA~1\\YAHOO!\\YOP\\yop.exe\" /autostart"
"UserFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -u"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ISTray"="\"C:\\Program Files\\Spyware Doctor\\pctsTray.exe\""
"KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:22 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\SYSTEM32\ZONELABS\avsys\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [2wSysTray] "C:\Program Files\2Wire\2PortalMon.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rcnaip] c:\windows\system32\rcnaip.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'Default user')
O4 - S-1-5-21-583907252-688789844-1060284298-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12785 bytes
Last edited by JLHJR on March 19th, 2008, 5:47 pm, edited 1 time in total.
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 19th, 2008, 5:39 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:22 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\SYSTEM32\ZONELABS\avsys\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [2wSysTray] "C:\Program Files\2Wire\2PortalMon.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rcnaip] c:\windows\system32\rcnaip.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'Default user')
O4 - S-1-5-21-583907252-688789844-1060284298-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12785 bytes
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby Shaba » March 20th, 2008, 4:55 am

Hi

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

After that, please post back a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 20th, 2008, 11:57 am

Hi

I'm running ZoneAlarm Security Suite with firewall, anti-virus and anti-spyware
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby Shaba » March 20th, 2008, 1:01 pm

Hi

Thanks for letting me know.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)
    Image
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)
    Image
  • Now click on the Save as Text button
  • Savethe file to your desktop.
  • Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe my computer is infected with malware

Unread postby JLHJR » March 20th, 2008, 9:00 pm

Hello
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 20, 2008 7:55:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/03/2008
Kaspersky Anti-Virus database records: 647414
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 73760
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 02:44:36

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\TEMP\2wswlog\2PortalMon_Debug.txt Object is locked skipped
C:\WINDOWS\TEMP\ZLT065f3.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT0661d.TMP Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\Z1J1B4.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\log\log.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Documents and Settings\Jesse L High\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\Temp\~DF28E.tmp Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\Temp\~DFF8AC.tmp Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\Temp\~DFF940.tmp Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\History\History.IE5\MSHist012008032020080321\index.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jesse L High\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jesse L High\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jesse L High\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jesse L High\Application Data\Webroot\Spy Sweeper\Logs\080320104242.ses Object is locked skipped
C:\Documents and Settings\Jesse L High\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB1B802D1-6297-4532-852D-78A8EB26D8C9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC2D95FEE-23B3-416C-AC3D-A5087EC6D7C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS81FD3541-C551-42D9-90FD-D8A160A51AC3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEC979B79-1791-4695-B7CB-A1E7E29D8285.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC027FF7-4353-48C7-9105-7FA960D4009F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS51B67B26-B010-42A8-9853-CAA254C86274.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4E752315-5D70-4797-AE44-6F8B6F34B5A9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS90A14FEB-7454-414B-B41D-45E2B0E451DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS17C9EF15-FA87-4162-A9E6-D955EB7C91BA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE2D62447-881C-44CE-889B-EC740320D4DA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB7B470EE-CB36-4AFC-ADA6-495DE790FAD7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD407A0B6-827C-4679-8349-555A8EF46B8C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS707B49BD-2AA0-472E-862E-7EC42677FD51.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA99C7457-6DA3-431B-B3C3-704BF911C8F9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS419E5FCC-482E-4802-AA29-EEC502D45779.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS430299CE-7B17-4E1D-B2AA-70A85206A5C8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2D790E15-B16E-490C-9F4B-BD90638A1230.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBDBA9B42-B24B-4756-9C66-15CCBF0639F0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB59A4027-A011-4C06-9C29-AC04DB8E878C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3A81C031-FB86-49DB-98A4-55BB29775098.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE33877D0-F494-4D14-B405-5B57ACD4CD78.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9AE213A4-CEB0-47B6-802A-B0B720B1AA7F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDB3F152C-A84A-4380-968A-EC30526436BA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5AC292C0-8D72-46C1-9FC1-BF83344E5BBA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCEC21384-61C3-47E0-884B-883DD5E53AAE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS32BB0B5A-1C01-428A-B7F1-72F34F34EE3F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C202EBB-5693-4540-A1F4-BEE6F87EE83D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAA211E25-0140-498B-B948-F27824D39E01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4FFA450A-7E4E-42DA-BCA7-3E26A96DFA75.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4DCE536E-4306-4285-A80A-7FEBCC093CF4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F645B5E-993E-4FF0-ABE8-01D72114D8BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS364D85D5-1C54-458E-840F-3CDA051FBEEE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2AC7A451-2701-4523-8C55-2D348095D495.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA2630FBE-C77F-48F6-A30A-38BCA27EE162.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DB44008-B58B-47EE-BA43-EB407A58BB01.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS893BAA4E-4D15-4C22-A3F0-D4EF0BDB1491.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS59207E55-B081-4673-82F5-26080B9DB112.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB54DE406-F6A4-4BF6-8F36-6099AF17DC08.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8EDE202E-2EB5-444A-B2A0-AF3EEF0AD5AE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEDE13EC4-FB0A-42CA-B126-8C79FFBDA5C0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS64C7B19C-B0EC-47AC-8259-8ACA09580A91.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS47BA4AFF-92EB-42B5-9202-D5A67BB33CC9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS95CD5C19-A80D-4D46-8203-EA4BE9B4C7EE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE98A7FBF-93ED-45A4-BFF0-DB49AA4FCB2E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS26FA8C4B-1701-4ABD-B1F5-F21E0E4B199A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4AF30BB3-5EB6-46D5-85A6-5D90F1653157.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5328432C-A4CE-4B0F-80B1-E00126F4620C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDFA815AD-0C3C-4433-821F-F61EDAE3E1C6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5BB1413-082A-4419-B163-AAC97782040F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS180CA72E-B36F-41FA-BDC7-84C9A2085580.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS90A742FE-09BC-43B9-AA78-D98B03B636BB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4AEC39CC-2A3A-400B-BE37-A8ACF3593A1A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4BDDA89F-1958-4510-A4EE-6E3B17311D4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4B47EC21-56C3-4CA4-9FDE-DB570DC38E16.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE3474FAE-5CB8-4827-905E-9AE96C9F0D87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3DDE8D9-4EC1-4255-B6E6-1DD89213ECE6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54B20A80-51AE-422F-AC9F-1E4FA60B74A2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS16368C51-6956-47DD-9225-F7D2EF4A0E16.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS65D3AA46-2FF7-48BB-B461-E823300D8E26.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS800EE167-EC8D-4D39-B7B5-A622EC6581CC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5033521D-CFA1-41F8-B60F-6D6482723E8D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS153E98A3-0CDF-4CD5-965A-0CB2ADC98220.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9C1A2564-EE74-4496-9995-5E68A3D03A58.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2BF01327-E72D-415D-878D-B448B19D3158.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA1FF7F24-B7C2-4A91-9D28-FC2A7418C1CC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC051C70D-B58C-4150-8FA6-7222E4AD681D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2F222E32-A1D7-418A-AA7C-66634330955E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6C468D51-4EF8-48BF-817B-D3B3484E58E6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCE78639F-FD2E-4F30-8779-43E3C6B303A9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8C84E836-CB31-4945-B40C-D4B57382C123.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2A4C10F2-7685-4342-8BD2-BA5E40E120C9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS96A8A682-65B2-4A65-9BAA-7DB332AE2A83.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0FBEE8D9-1BB4-4508-9D6E-9B75EB323DBB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEBB13870-5C98-4EBE-9B57-B4E41DCC7898.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS442AD5C8-8F15-460E-8C76-26D904DC3EA1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS98642294-CF59-4AE2-ADC9-37D5333ED401.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1CDF719B-D706-47E4-B12D-8542AE9004E7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4D7183C7-8710-4E8C-9F80-5066DE4C966D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDF5178F7-28A9-48A9-8530-79F01EB58BE2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5639BBB4-0DE0-406D-815E-9474207C8871.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5D1087D6-D443-4655-9254-7295C180EE69.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB8394CE1-6DB1-4497-A9DD-3B1F121BF3E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8051DF3D-71C4-4EB2-BDD1-8C12724194DF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS852A82FB-54E3-4F3F-9F75-430E61641738.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE9EBFD71-460A-4371-BE67-799A8F72665A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF066D791-935E-4FDC-B287-3D1E45EFDBC5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS505ABB1D-4B38-4172-BDD3-224C3AC509B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS50C1FA0D-E43C-423F-BDCC-DBCBA790DC83.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS74D28BAF-553A-44C5-9503-3D8856EAB21E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{0088C4E6-5A1D-41AC-80F3-7B5BE382B524}\RP10\change.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:02 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\YAHOO!\YOP\yop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\WINDOWS\SYSTEM32\ZONELABS\avsys\ScanningProcess.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Microsoft Works\WkDetect.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [2wSysTray] "C:\Program Files\2Wire\2PortalMon.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [rcnaip] c:\windows\system32\rcnaip.exe
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\YAHOO!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-583907252-688789844-1060284298-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPM7] "C:\Program Files\Steganos Password Manager 7\spm7.exe" -firstboot (User 'Default user')
O4 - S-1-5-21-583907252-688789844-1060284298-1004 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12968 bytes
JLHJR
Active Member
 
Posts: 9
Joined: March 10th, 2008, 3:59 pm

Re: I believe my computer is infected with malware

Unread postby Shaba » March 21st, 2008, 7:55 am

Hi

Fix this with HijackThis (open HijackThis, click do a system scan only and checkmark it. Close all windows including browser and press fix checked):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 63 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware