Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I don't know what to do - hijackthis log

Post by Athlon51423 » May 17th, 2008, 4:10 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:17 PM, on 5/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Linda\Application Data\U3\00001675C6700CBB\LaunchPad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ssqngaqo - ssqNGAqo.dll (file missing)
O21 - SSODL: mpfanvqg - {6AFCC47E-94C8-4A1E-B3D9-D0F49982299D} - C:\WINDOWS\mpfanvqg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7481 bytes

My computer is constantly attempting to send emails to addresses I don't know and all of the emails are rather adult. Symantec and ZoneAlarm are blocking these emails but it shows hundreds of messages saying that it was blocked. Also, I had to remove something called Winspywareprotect.
Thanks for your help
Athlon51423
Active Member
Posts: 9
Joined: May 17th, 2008, 4:05 pm
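As an added illustration (not code from this thread or from the HijackThis tool), here are the triage rules a helper applies first to a log like the one above, run over a few of its lines: entries whose target file is missing, the O20/O21 logon-time loading points, and an R1 search setting that points outside the expected hosts. The severity scale and the EXPECTED_SEARCH_HOSTS allow-list are this example's own assumptions.

```python
"""Triage rules for HijackThis (HJT) log lines, run over a sample log."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: lines taken from the HJT log posted above, plus three
# benign control entries (the ProxyOverride line, O4 ccApp, O23 vsmon).
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ssqngaqo - ssqNGAqo.dll (file missing)
O21 - SSODL: mpfanvqg - {6AFCC47E-94C8-4A1E-B3D9-D0F49982299D} - C:\WINDOWS\mpfanvqg.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumption of this example: hosts that IE's stock start/search settings
# point at on an XP-era install. Extend the tuple for your own environment.
EXPECTED_SEARCH_HOSTS = ("microsoft.com", "msn.com", "live.com")

# Loading points that run a DLL at logon, before the user's shell is up:
# HJT numbers them O20 (Winlogon Notify) and O21 (ShellServiceObjectDelayLoad).
PRIVILEGED_LOAD_POINTS = {"O20": "Winlogon Notify", "O21": "SSODL"}

LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Finding:
    kind: str      # HJT section, e.g. "O20"
    severity: str  # "high" | "medium" | "low" (this example's own scale)
    reason: str
    line: str


def _host_is_expected(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HJT line; return None when nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    missing = "(file missing)" in body or "(no file)" in body

    # O20/O21 always deserve a look. One whose DLL is gone is the typical
    # leftover of a partial removal: the registry still tries to load it.
    if kind in PRIVILEGED_LOAD_POINTS:
        where = PRIVILEGED_LOAD_POINTS[kind]
        if missing:
            return Finding(kind, "high", f"{where} entry loads a DLL that is missing", line)
        return Finding(kind, "medium", f"{where} entry loads code at logon; verify the DLL", line)

    # Any other registration whose target is gone (e.g. a toolbar CLSID with
    # no backing file) is an orphaned hook and should be cleaned up.
    if missing:
        return Finding(kind, "low", "registered component has no file on disk", line)

    # R0/R1 are IE start/search settings; a URL off the expected hosts is how
    # a search hijack shows up in HJT. Non-URL values (ProxyOverride) pass.
    if kind in ("R0", "R1"):
        url = URL_RE.search(body)
        if url and not _host_is_expected(url.group(0)):
            host = urlparse(url.group(0)).hostname
            return Finding(kind, "medium", f"IE search/start setting points at {host}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole HJT log, keeping only the findings."""
    results = (triage_line(line) for line in log_text.splitlines())
    return [f for f in results if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity:>6}] {f.kind}: {f.reason}")
        print(f"         {f.line.strip()}")
```

On the sample this reports four entries (the crawler.com SearchAssistant, the fileless O3 toolbar, and the two orphaned O20/O21 DLLs) and passes the three control lines.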

Re: I don't know what to do - hijackthis log

Post by dan12 » May 17th, 2008, 6:00 pm

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks, Dan
dan12
MRU Honors Grad Emeritus
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: I don't know what to do - hijackthis log

Post by dan12 » May 17th, 2008, 6:26 pm

DISABLE Spyware Doctor
It is a good program, but ... it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.
From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

We need to temporarily disable the Real-time Protection on Windows Defender as it may interfere with the HijackThis fixes we make.
  • Open Windows Defender
  • Click Tools => General Settings
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • Click Save
  • Close Windows Defender
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please disable the Ad-Aware 2007 Service as it may interfere with the fix.
  • On your desktop, click Start.
  • Choose Run.
  • Type services.msc in the open box and click OK or press Enter.
  • Scroll down the list of services and double-click Ad-Aware 2007 Service.
  • In the service properties window that opens, click the STOP button.
  • Under Startup Type, use the pull down menu and select Manual from the list of options.
  • Click OK and exit the Services Control Manager.
  • Reboot your machine for the changes to take effect.
Once your log is clean you can re-enable those settings.
___________________

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
dan12
MRU Honors Grad Emeritus
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: I don't know what to do - hijackthis log

Post by Athlon51423 » May 17th, 2008, 8:43 pm

Combofix

ComboFix 08-05-15.3 - Linda 2008-05-17 20:34:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2881 [GMT -4:00]
Running from: C:\Documents and Settings\Linda\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\rekjhfxm.ini
C:\WINDOWS\system32\wEhhQqss.ini
C:\WINDOWS\system32\wEhhQqss.ini2
C:\WINDOWS\system32\wvqowmrl.ini
C:\WINDOWS\system32\wzghui.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_wzghui


((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 15:52 . 2008-05-17 15:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 23:54 . 2008-05-15 23:54 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-15 23:43 . 2008-05-15 23:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-15 23:36 . 2008-05-15 23:36 <DIR> d-------- C:\Program Files\Uniblue
2008-05-15 23:36 . 2008-05-15 23:36 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\Uniblue
2008-05-15 22:51 . 2008-05-15 23:52 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-15 22:50 . 2008-05-15 22:50 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-14 00:00 . 2008-05-14 00:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-13 11:43 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-13 11:43 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-13 11:43 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-13 11:43 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-13 11:43 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-13 11:43 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-13 11:43 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-13 11:43 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-12 21:15 . 2008-05-13 11:44 2,282 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-12 19:34 . 2008-05-12 19:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-12 19:06 . 2008-05-12 19:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-12 19:06 . 2008-05-15 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 19:05 . 2008-05-12 19:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 04:40 . 2008-05-12 04:40 93,004 --a------ C:\Documents and Settings\Theme1.thmx
2008-05-12 03:08 . 2008-05-13 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-12 03:08 . 2008-05-12 03:08 62,910 --a------ C:\Program Files\Uninstall.exe
2008-05-12 03:08 . 2008-05-12 03:08 0 --a------ C:\Program Files\uninstall.dat
2008-05-12 02:31 . 2008-05-12 02:56 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\TmpRecentIcons
2008-05-12 02:05 . 2008-05-12 02:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-12 01:03 . 2008-05-17 16:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-12 01:03 . 2008-05-12 01:03 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\PC Tools
2008-05-12 01:03 . 2008-05-17 20:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-12 01:03 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-12 01:03 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-12 01:03 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-12 01:03 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-12 00:59 . 2008-05-12 00:59 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 18:57 . 2008-05-11 18:57 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-11 18:28 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-11 18:28 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-11 18:28 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-10 20:52 . 2008-05-10 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-07 19:33 . 1998-03-05 11:25 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-05-07 19:33 . 1998-03-05 11:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-05-07 19:32 . 2008-05-07 19:33 <DIR> d-------- C:\SIERRA
2008-05-07 19:32 . 2008-05-07 19:33 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-05-07 19:32 . 1995-03-02 00:42 320,880 --a------ C:\WINDOWS\system32\MFC250.DLL
2008-05-07 19:32 . 1995-01-13 14:10 146,976 --a------ C:\WINDOWS\system32\MFCOLEUI.DLL
2008-05-07 19:32 . 1995-01-13 14:10 125,344 --a------ C:\WINDOWS\system32\MFCO250.DLL
2008-05-07 19:32 . 1995-03-01 03:32 51,920 --a------ C:\WINDOWS\system32\MFCD250.DLL
2008-05-07 19:32 . 1995-01-13 14:10 11,072 --a------ C:\WINDOWS\system32\MFCN250.DLL
2008-05-07 00:34 . 2008-05-07 00:34 <DIR> d-------- C:\Documents and Settings\Linda\WINDOWS
2008-05-07 00:34 . 2008-05-07 19:35 833 --a------ C:\WINDOWS\SIERRA.INI
2008-05-06 09:37 . 2008-05-06 09:37 0 --a------ C:\WINDOWS\Path.idx
2008-05-02 05:52 . 2008-05-02 05:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-02 05:47 . 2008-05-15 22:55 <DIR> d-------- C:\Program Files\Google
2008-05-02 05:46 . 2008-05-02 05:46 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\AdobeUM
2008-05-02 05:44 . 2008-05-02 05:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-02 05:44 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-02 05:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-02 05:43 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-02 05:43 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-02 05:43 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-02 05:43 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-02 05:43 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-02 05:43 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-02 05:33 . 2008-05-02 05:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 05:33 . 2008-05-12 21:41 <DIR> d-------- C:\temp
2008-05-02 05:33 . 2008-05-02 05:43 <DIR> d-------- C:\Program Files\Hp
2008-05-02 03:02 . 2008-05-02 03:02 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-02 03:02 . 2008-05-02 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-01 15:32 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-01 15:32 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-01 15:32 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-01 15:32 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-01 15:32 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-01 15:32 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-01 15:32 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-01 15:32 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-01 15:32 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 19:10 . 2008-05-14 00:00 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\U3
2008-04-30 19:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 19:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-30 19:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-30 19:06 . 2008-04-30 19:06 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-30 19:06 . 2008-04-30 16:07 <DIR> d-------- C:\Program Files\Realtek
2008-04-30 19:06 . 2008-03-07 11:57 106,624 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-04-30 19:06 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-30 19:06 . 2008-04-30 19:06 22,093 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-30 19:06 . 2004-08-13 14:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-04-30 19:05 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-30 19:05 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-30 19:05 . 2007-07-31 23:39 12,536 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-30 19:03 . 2008-04-30 19:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-30 19:03 . 2008-04-30 19:03 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-30 19:02 . 2008-04-30 19:02 <DIR> dr-h----- C:\MSOCache
2008-04-30 19:02 . 2008-05-17 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 18:58 . 2008-04-30 18:58 <DIR> d-------- C:\WINDOWS\system32\FinePointLib
2008-04-30 18:58 . 2008-04-30 17:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 18:58 . 2008-04-30 17:32 <DIR> d-------- C:\Program Files\Common Files\Verizon Online
2008-04-30 18:58 . 2008-04-30 17:35 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-30 18:58 . 2008-04-30 19:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-30 18:58 . 2005-01-13 19:56 287,808 --a------ C:\WINDOWS\system32\VerizonUninstaller.exe
2008-04-30 18:58 . 2005-01-19 23:07 128,064 --a------ C:\WINDOWS\system32\VZGUninstall.dll
2008-04-30 18:58 . 2003-05-29 23:05 49,210 --a------ C:\WINDOWS\system32\vzServices.dll
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-30 18:34 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\MSBuild
2008-04-30 18:32 . 2008-05-11 18:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-30 18:32 . 2008-04-30 18:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-30 18:31 . 2008-05-12 07:15 <DIR> d-------- C:\28b4251d539d3627a5
2008-04-30 18:31 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-30 18:25 . 2008-04-30 18:25 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-04-30 16:39 . 2008-04-30 16:39 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-30 16:39 . 2008-04-30 16:39 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-30 16:38 . 2008-04-30 16:38 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-30 16:38 . 2008-04-30 16:38 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\ATI
2008-04-30 16:22 . 2008-04-30 16:22 670 --a------ C:\WINDOWS\setup.iss
2008-04-30 16:21 . 2008-04-30 16:22 <DIR> d-------- C:\Program Files\ASUS
2008-04-30 16:21 . 2004-02-27 03:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-04-30 16:21 . 2004-02-17 03:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-04-30 16:21 . 2006-01-10 04:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 00:37 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-12 23:12 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-12 23:12 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-04-30 21:50 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-30 21:50 --------- d-----w C:\Program Files\Verizon Online
2008-04-30 21:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-30 21:42 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-30 21:42 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-30 21:42 --------- d-----w C:\Program Files\Symantec
2008-04-30 21:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-30 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-30 21:35 --------- d-----w C:\Program Files\Motive
2008-04-30 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-30 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-04-30 21:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 00:12 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 12:04 327680]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2008-04-30 17:35:04 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {6AFCC47E-94C8-4A1E-B3D9-D0F49982299D} - C:\WINDOWS\mpfanvqg.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqngaqo]
ssqNGAqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\autorun\command - E:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 20:38:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2008-05-17 20:40:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 00:40:22

Pre-Run: 235,872,731,136 bytes free
Post-Run: 236,008,828,928 bytes free

327 --- E O F --- 2008-05-17 19:44:43






HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:28 PM, on 5/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ssqngaqo - ssqNGAqo.dll (file missing)
O21 - SSODL: mpfanvqg - {6AFCC47E-94C8-4A1E-B3D9-D0F49982299D} - C:\WINDOWS\mpfanvqg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7183 bytes
Athlon51423
Active Member
 
Posts: 9
Joined: May 17th, 2008, 4:05 pm

Re: I don't know what to do - hijackthis log

Unread postby dan12 » May 18th, 2008, 7:11 am

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\kr_done1de

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqngaqo]

DirLook::
C:\28b4251d539d3627a5


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Post the ComboFix and Malwarebytes reports.
dan12
MRU Honors Grad Emeritus
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
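The CFScript above targets two loading points whose DLLs are already gone (the SSODL entry for mpfanvqg.dll and the Winlogon Notify entry for ssqNGAqo.dll), and the ComboFix registry section also shows Security Center monitoring switched off for both the antivirus and the firewall, plus the XP firewall policy set to 0. The following Python triage script is an added example for this thread, not a MalwareRemoval.com tool and not part of HijackThis or ComboFix; its heuristics are my own assumptions, and the sample excerpt is constructed from the log lines posted above.

```python
"""Triage helper for HijackThis / ComboFix log excerpts.

Added example for this thread; it is not a MalwareRemoval.com tool and not
part of HijackThis, ComboFix or the helper's CFScript. The heuristics are
assumptions chosen to match the entries the helper singled out above.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    line: str       # the log line that triggered the finding
    reason: str


# HijackThis loading points removed by the CFScript in this thread:
#   O20 - Winlogon Notify: <name> - <dll> (file missing)
#   O21 - SSODL: <name> - {GUID} - <path>\<dll> (file missing)
HJT_LOADPOINT = re.compile(
    r"^O2[01] - (?P<kind>Winlogon Notify|SSODL): (?P<name>\S+) - (?P<rest>.*)$")
# R1 lines carry Internet Explorer start/search settings.
HJT_R1 = re.compile(r"^R1 - .*,(?P<setting>[A-Za-z_ ]+) = (?P<url>\S+)")
# ComboFix "Reg Loading Points": [key] headers followed by "name"=value lines.
CF_SECTION = re.compile(r"^\[(?P<key>.+)\]$")
CF_DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$')
CF_FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
# A DLL dropped straight into C:\WINDOWS (not system32) is unusual for Windows itself.
DLL_IN_WINDOWS_ROOT = re.compile(r"C:\\WINDOWS\\[^\\\s]+\.dll", re.IGNORECASE)


def triage(lines):
    """Return a list of Finding for an iterable of HJT/ComboFix log lines."""
    findings = []
    section = ""            # current ComboFix registry key, original case
    for raw in lines:
        line = raw.strip()
        m = CF_SECTION.match(line)
        if m:
            section = m.group("key")
            continue
        m = HJT_LOADPOINT.match(line)
        if m:
            kind, rest = m.group("kind"), m.group("rest")
            if "(file missing)" in rest:
                findings.append(Finding("high", line,
                    f"{kind} entry loads a DLL that is no longer on disk; "
                    "orphaned loading points should be cleared from the registry"))
            if DLL_IN_WINDOWS_ROOT.search(rest):
                findings.append(Finding("medium", line,
                    f"{kind} DLL sits directly under C:\\WINDOWS rather than system32"))
            continue
        m = HJT_R1.match(line)
        if m:
            setting = m.group("setting")
            host = urlparse(m.group("url")).hostname or ""
            if (setting in ("SearchAssistant", "CustomizeSearch")
                    and not host.endswith("microsoft.com")):
                findings.append(Finding("low", line,
                    f"IE {setting} points at {host}; check which toolbar set it"))
            continue
        key = section.lower()
        if "security center\\monitoring\\" in key and CF_DISABLE_MON.match(line):
            product = section.rsplit("\\", 1)[-1]
            findings.append(Finding("high", line,
                f"Security Center monitoring disabled for {product}; "
                "the user gets no warning if that product is switched off"))
        elif "firewallpolicy\\standardprofile" in key and CF_FIREWALL_OFF.match(line):
            findings.append(Finding("medium", line,
                "Windows Firewall turned off by policy (EnableFirewall = 0)"))
    return findings


def summarize(findings):
    """Count findings per severity so a helper can see the shape at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed excerpt: HJT lines and ComboFix registry lines copied from the
# logs posted in this thread, in the order a helper would read them.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: ssqngaqo - ssqNGAqo.dll (file missing)
O21 - SSODL: mpfanvqg - {6AFCC47E-94C8-4A1E-B3D9-D0F49982299D} - C:\WINDOWS\mpfanvqg.dll (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
""".strip().splitlines()

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run against the sample it reports four high findings (the two orphaned loading points and the two disabled Security Center monitors), two medium (DLL under C:\WINDOWS, firewall policy off) and one low (the third-party SearchAssistant), which is the same set of entries the helper's CFScript and the later firewall/AV checks address.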

Re: I don't know what to do - hijackthis log

Unread postby Athlon51423 » May 18th, 2008, 9:49 am

ComboFix 08-05-15.3 - Linda 2008-05-18 9:23:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2816 [GMT -4:00]
Running from: C:\Documents and Settings\Linda\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Linda\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 15:52 . 2008-05-17 15:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 23:54 . 2008-05-15 23:54 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-15 23:43 . 2008-05-15 23:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-15 23:36 . 2008-05-15 23:36 <DIR> d-------- C:\Program Files\Uniblue
2008-05-15 23:36 . 2008-05-15 23:36 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\Uniblue
2008-05-15 22:51 . 2008-05-18 09:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-15 22:50 . 2008-05-15 22:50 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-14 00:00 . 2008-05-14 00:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-12 19:34 . 2008-05-12 19:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-12 19:06 . 2008-05-12 19:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-12 19:06 . 2008-05-15 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 19:05 . 2008-05-12 19:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 04:40 . 2008-05-12 04:40 93,004 --a------ C:\Documents and Settings\Theme1.thmx
2008-05-12 03:08 . 2008-05-13 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-12 03:08 . 2008-05-12 03:08 62,910 --a------ C:\Program Files\Uninstall.exe
2008-05-12 03:08 . 2008-05-12 03:08 0 --a------ C:\Program Files\uninstall.dat
2008-05-12 02:31 . 2008-05-12 02:56 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\TmpRecentIcons
2008-05-12 02:05 . 2008-05-12 02:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-12 01:03 . 2008-05-17 16:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-12 01:03 . 2008-05-12 01:03 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\PC Tools
2008-05-12 01:03 . 2008-05-17 20:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-12 01:03 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-12 01:03 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-12 01:03 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-12 01:03 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-11 18:57 . 2008-05-11 18:57 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-11 18:28 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-11 18:28 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-11 18:28 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-10 20:52 . 2008-05-10 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-07 19:33 . 1998-03-05 11:25 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-05-07 19:33 . 1998-03-05 11:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-05-07 19:32 . 2008-05-07 19:33 <DIR> d-------- C:\SIERRA
2008-05-07 19:32 . 2008-05-07 19:33 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-05-07 19:32 . 1995-03-02 00:42 320,880 --a------ C:\WINDOWS\system32\MFC250.DLL
2008-05-07 19:32 . 1995-01-13 14:10 146,976 --a------ C:\WINDOWS\system32\MFCOLEUI.DLL
2008-05-07 19:32 . 1995-01-13 14:10 125,344 --a------ C:\WINDOWS\system32\MFCO250.DLL
2008-05-07 19:32 . 1995-03-01 03:32 51,920 --a------ C:\WINDOWS\system32\MFCD250.DLL
2008-05-07 19:32 . 1995-01-13 14:10 11,072 --a------ C:\WINDOWS\system32\MFCN250.DLL
2008-05-07 00:34 . 2008-05-07 00:34 <DIR> d-------- C:\Documents and Settings\Linda\WINDOWS
2008-05-07 00:34 . 2008-05-07 19:35 833 --a------ C:\WINDOWS\SIERRA.INI
2008-05-06 09:37 . 2008-05-06 09:37 0 --a------ C:\WINDOWS\Path.idx
2008-05-02 05:52 . 2008-05-02 05:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-02 05:47 . 2008-05-15 22:55 <DIR> d-------- C:\Program Files\Google
2008-05-02 05:46 . 2008-05-02 05:46 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\AdobeUM
2008-05-02 05:44 . 2008-05-02 05:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-02 05:44 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-02 05:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-02 05:43 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-02 05:43 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-02 05:43 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-02 05:43 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-02 05:43 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-02 05:43 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-02 05:33 . 2008-05-02 05:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 05:33 . 2008-05-12 21:41 <DIR> d-------- C:\temp
2008-05-02 05:33 . 2008-05-02 05:43 <DIR> d-------- C:\Program Files\Hp
2008-05-02 03:02 . 2008-05-02 03:02 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-02 03:02 . 2008-05-02 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-01 15:32 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-01 15:32 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-01 15:32 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-01 15:32 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-01 15:32 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-01 15:32 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-01 15:32 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-01 15:32 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-01 15:32 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 19:10 . 2008-05-14 00:00 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\U3
2008-04-30 19:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 19:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-30 19:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-30 19:06 . 2008-04-30 19:06 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-30 19:06 . 2008-04-30 16:07 <DIR> d-------- C:\Program Files\Realtek
2008-04-30 19:06 . 2008-03-07 11:57 106,624 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-04-30 19:06 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-30 19:06 . 2008-04-30 19:06 22,093 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-30 19:06 . 2004-08-13 14:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-04-30 19:05 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-30 19:05 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-30 19:05 . 2007-07-31 23:39 12,536 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-30 19:03 . 2008-04-30 19:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-30 19:03 . 2008-04-30 19:03 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-30 19:02 . 2008-04-30 19:02 <DIR> dr-h----- C:\MSOCache
2008-04-30 19:02 . 2008-05-17 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 18:58 . 2008-04-30 18:58 <DIR> d-------- C:\WINDOWS\system32\FinePointLib
2008-04-30 18:58 . 2008-04-30 17:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 18:58 . 2008-04-30 17:32 <DIR> d-------- C:\Program Files\Common Files\Verizon Online
2008-04-30 18:58 . 2008-04-30 17:35 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-30 18:58 . 2008-04-30 19:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-30 18:58 . 2005-01-13 19:56 287,808 --a------ C:\WINDOWS\system32\VerizonUninstaller.exe
2008-04-30 18:58 . 2005-01-19 23:07 128,064 --a------ C:\WINDOWS\system32\VZGUninstall.dll
2008-04-30 18:58 . 2003-05-29 23:05 49,210 --a------ C:\WINDOWS\system32\vzServices.dll
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-30 18:34 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\MSBuild
2008-04-30 18:32 . 2008-05-11 18:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-30 18:32 . 2008-04-30 18:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-30 18:31 . 2008-05-12 07:15 <DIR> d-------- C:\28b4251d539d3627a5
2008-04-30 18:31 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-30 18:25 . 2008-04-30 18:25 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-04-30 16:39 . 2008-04-30 16:39 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-30 16:39 . 2008-04-30 16:39 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-30 16:38 . 2008-04-30 16:38 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-30 16:38 . 2008-04-30 16:38 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\ATI
2008-04-30 16:22 . 2008-04-30 16:22 670 --a------ C:\WINDOWS\setup.iss
2008-04-30 16:21 . 2008-04-30 16:22 <DIR> d-------- C:\Program Files\ASUS
2008-04-30 16:21 . 2004-02-27 03:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-04-30 16:21 . 2004-02-17 03:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-04-30 16:21 . 2006-01-10 04:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-30 16:21 . 2006-10-18 15:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-30 16:21 . 2006-10-19 06:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-04-30 16:21 . 2006-10-19 06:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-04-30 16:20 . 2008-04-30 16:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-30 16:20 . 2008-04-30 16:20 <DIR> d-------- C:\Program Files\AMD
2008-04-30 16:20 . 2008-04-30 16:20 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\InstallShield
2008-04-30 16:20 . 2006-07-02 01:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-04-30 16:20 . 2008-04-30 16:20 22,604 --a------ C:\WINDOWS\Ascd_log.ini
2008-04-30 16:10 . 2008-04-30 16:13 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-30 16:08 . 2008-04-30 18:28 <DIR> d-------- C:\WINDOWS\system32\RTCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 12:09 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-16 03:13 1,366,528 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-12 23:12 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-12 23:12 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-12 23:12 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 22:59 155,995 ----a-w C:\WINDOWS\java\Packages\973FLBHB.ZIP
2008-04-30 21:50 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-30 21:50 --------- d-----w C:\Program Files\Verizon Online
2008-04-30 21:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-30 21:42 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-30 21:42 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-30 21:42 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-30 21:42 --------- d-----w C:\Program Files\Symantec
2008-04-30 21:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-30 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-30 21:35 --------- d-----w C:\Program Files\Motive
2008-04-30 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-30 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-04-30 21:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\28b4251d539d3627a5 ----



((((((((((((((((((((((((((((( snapshot@2008-05-17_20.39.49.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 00:37:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 12:08:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-09-06 22:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 04:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
- 2008-05-17 19:44:38 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-18 03:40:32 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-17 19:44:39 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-18 03:40:32 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-17 19:44:39 159,504 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-18 03:40:32 159,504 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-17 19:44:39 184,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-18 03:40:32 184,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-17 19:44:39 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-18 03:40:32 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-17 19:44:39 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-18 03:40:32 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-17 19:44:39 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-18 03:40:32 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-17 19:44:39 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-18 03:40:32 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-17 19:44:39 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-18 03:40:32 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-17 19:44:39 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-18 03:40:32 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-17 19:44:39 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-18 03:40:32 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-17 19:44:38 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-18 03:40:32 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-18 00:37:31 13,403 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\Manifest.Bin
+ 2008-05-18 12:08:44 13,403 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\Manifest.Bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 12:04 327680]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2008-04-30 17:35:04 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\autorun\command - E:\LaunchU3.exe -a

*Newly Created Service* - catchme

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 09:25:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-18 9:26:04
ComboFix-quarantined-files.txt 2008-05-18 13:26:01
ComboFix2.txt 2008-05-18 00:40:29

Pre-Run: 235,976,368,128 bytes free
Post-Run: 235,947,540,480 bytes free

358 --- E O F --- 2008-05-18 03:40:34

Malwarebytes' Anti-Malware 1.12
Database version: 760

Scan type: Full Scan (C:\|)
Objects scanned: 78799
Time elapsed: 16 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.bnwx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\wzghui.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP1\A0000003.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP11\A0012061.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP11\A0012062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP13\A0015221.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP7\A0000110.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP8\A0005112.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP8\A0005113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP8\A0005118.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
Athlon51423
Active Member
 
Posts: 9
Joined: May 17th, 2008, 4:05 pm

Re: I don't know what to do - hijackthis log

Unread postby dan12 » May 18th, 2008, 2:45 pm

Hi, could I see a further HJT log please? Hope things are starting to improve!
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: I don't know what to do - hijackthis log

Unread postby Athlon51423 » May 18th, 2008, 7:33 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:01 PM, on 5/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6835 bytes
Athlon51423
Active Member
 
Posts: 9
Joined: May 17th, 2008, 4:05 pm

Re: I don't know what to do - hijackthis log

Unread postby dan12 » May 19th, 2008, 3:02 pm

Ok, your log is looking a lot better. It looks like you may have two firewalls on this machine, as Norton normally is bundled with a firewall and you have ZoneAlarm; two firewalls will not play well together.
Can I suggest, if you have the paid-for Norton, removing ZoneAlarm via Add and Remove Programs.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file)
WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked and exit.

Post a fresh HJT log and let me know how things are.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: I don't know what to do - hijackthis log

Unread postby Athlon51423 » May 20th, 2008, 9:04 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:39 PM, on 5/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6629 bytes



The system is only running one firewall, ZoneAlarm. The Symantec is the antivirus only.
Athlon51423
Active Member
 
Posts: 9
Joined: May 17th, 2008, 4:05 pm
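As an added example (not code from this thread or from the HijackThis tool), a small Python script that applies dan12's two criteria to HJT item lines and diffs the 18 May and 20 May logs to confirm the three entries were fixed; the sample logs are excerpts of the ones posted above, and the allowlist of default Microsoft search hosts is an assumption made for the example.

```python
"""HijackThis (HJT) log triage and before/after diff.

Added example, not code from the thread or the HijackThis tool. The two
rules mirror what dan12 asked to be fixed in this thread:
  * R1 Internet Explorer search settings that point away from Microsoft's
    defaults (here: crawler.com), and
  * O3 toolbars whose CLSID is registered but whose file is '(no file)'.
The allowlist of default hosts is an assumption for the example.
"""
import re
from urllib.parse import urlparse

# "R1 - HKLM\...,SearchAssistant = http://..." style item lines; the log
# header and "Running processes" lines do not match and are ignored.
HJT_ITEM = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Hosts that stock IE7 R1 entries legitimately point at (assumption).
DEFAULT_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com"}


def parse_hjt(text):
    """Return the (section, body) pairs for every HJT item line in a log."""
    items = []
    for line in text.splitlines():
        m = HJT_ITEM.match(line.strip())
        if m:
            items.append((m.group("sec"), m.group("body")))
    return items


def flag_item(sec, body):
    """Reason an item is a fix candidate under the two rules, else None."""
    if sec == "R1" and "Internet Explorer\\Main," in body:
        _, _, value = body.partition(" = ")
        host = urlparse(value.strip()).hostname
        if host and host not in DEFAULT_SEARCH_HOSTS:
            return "IE search setting points at non-default host " + host
    if sec == "O3" and body.rstrip().endswith("(no file)"):
        return "toolbar CLSID registered but its file is missing"
    return None


def triage(text):
    """All flagged items in a log as (section, body, reason)."""
    out = []
    for sec, body in parse_hjt(text):
        reason = flag_item(sec, body)
        if reason:
            out.append((sec, body, reason))
    return out


def diff_logs(before, after):
    """(removed, added) item lists between two logs of the same machine."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def still_present(before, after):
    """Flagged items from 'before' that survived into 'after' (fix failed)."""
    after_items = set(parse_hjt(after))
    return [x for x in triage(before) if (x[0], x[1]) in after_items]


# Excerpts of the 18 May and 20 May logs posted in the thread.
HJT_MAY18 = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {C1F49C47-813A-479D-BDCF-4B9BF8B0B48E} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""
HJT_MAY20 = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""

if __name__ == "__main__":
    for sec, body, reason in triage(HJT_MAY18):
        print(f"[{sec}] {reason}: {body}")
    removed, added = diff_logs(HJT_MAY18, HJT_MAY20)
    print("removed between logs:", len(removed), "added:", len(added))
    print("flagged items still present:", still_present(HJT_MAY18, HJT_MAY20))
```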

Re: I don't know what to do - hijackthis log

Unread postby Athlon51423 » May 20th, 2008, 10:13 pm

The system is running fine now. One issue (not sure if it is related) is that IE7 is not showing any graphics or pictures... Other than that, it's perfect.
Athlon51423
Active Member
 
Posts: 9
Joined: May 17th, 2008, 4:05 pm

Re: I don't know what to do - hijackthis log

Unread postby dan12 » May 21st, 2008, 4:42 am

Go to Internet Properties, Advanced tab, and then reset all to defaults. Try that and see how it works, and let us know.
Failing that, a possible reinstall of Internet Explorer 7.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: I don't know what to do - hijackthis log

Unread postby NonSuch » May 31st, 2008, 3:46 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California