Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need my computer checked out!!!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Need my computer checked out!!!

Unread postby streetcar23 » November 5th, 2008, 4:36 am

I was told that i may need my computer checked out after removing a trojan. here is my HJT report....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:19 AM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: (no name) - {44EDF944-60DB-6E03-F24D-69E34A9CFDED} - (no file)
O2 - BHO: (no name) - {65FD665E-EB6A-5F93-D757-64557BAE7A12} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [Omnipage] "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2811] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe"
O4 - HKCU\..\Run: [Azbdpkcf] C:\WINDOWS\system32\gjcht.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [y70Bc0du6M] C:\Documents and Settings\All Users\Application Data\fidajwxi\xwpavmjs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm080YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/573/online.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111555555555} - ms-its:mhtml:file://C:\document.mhtml!http://www.ultra-galleries.com/counter/images/load.chm::/init.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O21 - SSODL: E404Helper - {19404988-e736-4140-b19b-f37b32a14ffe} - (no file)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Error Reporting Service ERSvcRpcLocator (ERSvcRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Human Interface Device Access HidServMcNASvc (HidServMcNASvc) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Services mcmscsvcAOLService (mcmscsvcAOLService) - Unknown owner - C:\WINDOWS\
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Network Agent McNASvcRasMan (McNASvcRasMan) - Unknown owner - C:\WINDOWS\
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Real-time Scanner McShieldmcmscsvc (McShieldmcmscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Portable Media Serial Number Service WmdmPmSNWmiApSrv (WmdmPmSNWmiApSrv) - Unknown owner - C:\WINDOWS\

--
End of file - 10246 bytes
streetcar23
Active Member
 
Posts: 6
Joined: November 5th, 2008, 4:25 am
Advertisement
Register to Remove

Re: Need my computer checked out!!!

Unread postby Katana » November 8th, 2008, 6:39 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly Image

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------




Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need my computer checked out!!!

Unread postby streetcar23 » November 8th, 2008, 6:06 pm

ok i ran the rsit but an error message came up and said it could not find the log.txt , the info.txt is available though. should i post the info.txt or should i rerun the rsit??
streetcar23
Active Member
 
Posts: 6
Joined: November 5th, 2008, 4:25 am

Re: Need my computer checked out!!!

Unread postby Katana » November 8th, 2008, 7:05 pm

Please post the info.txt, and then try running it again.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need my computer checked out!!!

Unread postby streetcar23 » November 8th, 2008, 7:15 pm

info.txt logfile of random's system information tool 1.04 2008-11-08 17:00:50

======Uninstall list======

-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agere Systems AC'97 Modem-->agrsmdel
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{2E753BE0-7F6F-4C31-AA84-E7F9CCDE3CA9}
Authentium Web Install Helper-->RunDll32 setupapi.dll,InstallHinfSection RemoveFiles 9 AuthUninstall.inf
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
DVD Creation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}\setup.exe"
DVD X Copy GOLD v2.5.0 (remove only)-->C:\Program Files\321Studios\DVDXCopy GOLD\Uninst.exe
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java 2 Runtime Environment Standard Edition v1.3.1_18-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68249B78-B714-11D7-88E8-0050DA21757E}\Setup.exe" -uninst
Linksys EasyLink Advisor 1.5 (1010)-->rundll32 C:\PROGRA~1\LINKSY~2\AUInst.dll,ExUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Media-Motor-->C:\WINDOWS\unstall.exe
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
Network Smart Capture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe" -l0x9
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsy.inf
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
OpenMG Limited Patch 3.2-03-02-21-08-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-02-25-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-25-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
SoundClick Designer Studio-->MsiExec.exe /I{22A657E8-83CC-11D5-A9E1-0050DA0F190F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
VAIO DeepSea Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3147661C-2807-49EC-B971-3B0F23D95018}\setup.exe"
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Platform 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Media Redistribution 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Setup 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}\setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support-->"c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
VERITAS RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
VERITAS RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
streetcar23
Active Member
 
Posts: 6
Joined: November 5th, 2008, 4:25 am

Re: Need my computer checked out!!!

Unread postby streetcar23 » November 8th, 2008, 7:19 pm

i ran it again, i think mcaffee is caturing it. the mcaffee thing pops up in the corner and says a trojan has been removed.
streetcar23
Active Member
 
Posts: 6
Joined: November 5th, 2008, 4:25 am

Re: Need my computer checked out!!!

Unread postby Katana » November 9th, 2008, 5:47 am

Information


Registry Cleaners

Re. Registry Defender

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1


Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------- -----------------------------------------------------------
Step 2


Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: (no name) - {44EDF944-60DB-6E03-F24D-69E34A9CFDED} - (no file)
O2 - BHO: (no name) - {65FD665E-EB6A-5F93-D757-64557BAE7A12} - (no file)
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)

O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2811] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe" -nag
O4 - HKCU\..\Run: [Azbdpkcf] C:\WINDOWS\system32\gjcht.exe
O4 - HKLM\..\Policies\Explorer\Run: [y70Bc0du6M] C:\Documents and Settings\All Users\Application Data\fidajwxi\xwpavmjs.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xdm080YYUS
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/573/online.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111555555555} - ms-its:mhtml:file://C:\document.mhtml!http://www.ultra-galleries.com/counter/images/load.chm::/init.exe
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O21 - SSODL: E404Helper - {19404988-e736-4140-b19b-f37b32a14ffe} - (no file)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


----------------------------------------------------------- -----------------------------------------------------------
Step 3


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • ComboFix Log
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need my computer checked out!!!

Unread postby streetcar23 » November 12th, 2008, 3:29 am

ComboFix 08-11-11.01 - Shanon Kreicar 2008-11-12 2:13:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.230 [GMT -5:00]
Running from: c:\documents and settings\Shanon Kreicar\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Shanon Kreicar\Application Data\CURITY~1
c:\documents and settings\Shanon Kreicar\Application Data\PPPATC~1
c:\documents and settings\Shanon Kreicar\Application Data\SCURIT~1
c:\windows\IE4 Error Log.txt
c:\windows\system32\fnts~1
c:\windows\system32\icroso~1
c:\windows\system32\MSINET.oca
c:\windows\system32\wnstsisv.exe
c:\windows\system32\ymbols~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-08 17:00 . 2008-11-11 03:36 <DIR> d-------- C:\rsit
2008-11-05 03:29 . 2008-11-05 03:29 <DIR> d-------- c:\program files\Trend Micro
2008-11-02 19:24 . 2008-11-07 01:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\documents and settings\Shanon Kreicar\Application Data\Malwarebytes
2008-11-02 19:24 . 2008-11-02 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-02 19:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-02 19:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 03:48 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-01 04:14 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-01 04:14 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 01:55 --------- d-----w c:\program files\loanntf
2008-11-01 08:16 --------- d-----w c:\documents and settings\Shanon Kreicar\Application Data\AdobeUM
2008-11-01 08:16 --------- d-----w c:\documents and settings\Shanon Kreicar\Application Data\AdobeAUM
2008-11-01 08:16 --------- d-----w c:\documents and settings\Shanon Kreicar\Application Data\ACD Systems
2008-11-01 08:16 --------- d-----w c:\documents and settings\Shanon Kreicar\Application Data\acccore
2008-11-01 00:24 --------- d-----w c:\program files\McAfee
2008-10-03 07:53 --------- d-----w c:\program files\Microsoft Works
2008-10-03 07:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-27 07:16 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-09-26 07:15 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-09-26 07:15 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-09-24 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\fidajwxi
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2006-08-28 19:11 35,608 -c--a-w c:\documents and settings\Shanon Kreicar\Application Data\GDIPFONTCACHEV1.DAT
2001-04-04 17:54 140,505 -c--a-w c:\program files\xlTOC10.CHM
2002-08-29 12:00 94,784 -csh--w c:\windows\twain.dll
2008-04-14 00:11 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 00:12 57,344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 00:12 551,936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84,992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 00:12 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 389120]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-05 282624]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 c:\windows\AGRSMMSG.exe]
"nwiz"="nwiz.exe" [2003-03-03 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winan15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winar41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winga72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winir70.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
D0CE0C16B1 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-03-03 21:44 4595712 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 Winan15;Winan15;c:\windows\system32\Drivers\Winan15.sys [ ]
S0 Winar41;Winar41;c:\windows\system32\Drivers\Winar41.sys [ ]
S0 Winga72;Winga72;c:\windows\system32\Drivers\Winga72.sys [ ]
S0 Winir70;Winir70;c:\windows\system32\Drivers\Winir70.sys [ ]
S0 Winmr43;Winmr43;c:\windows\system32\Drivers\Winmr43.sys [ ]
S0 Winqx31;Winqx31;c:\windows\system32\Drivers\Winqx31.sys [ ]
S3 ldiskl;ldiskl;c:\docume~1\SHANON~1\LOCALS~1\Temp\ldiskl.sys [ ]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\DRIVERS\rt2500usb.sys [2004-05-07 79616]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2003-08-18 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
HKCU-Run-Registry Defender - c:\program files\Registry Defender Trial\RegClean.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0b\AOL.EXE
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.EXE
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.cox.net/
R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customi ... earch.html
R1 -: HKCU-Internet Settings,ProxyOverride = localhost
O8 -: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 02:18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\sqlite_cTd4Y9SkkxhBURF 0 bytes
c:\windows\TEMP\WGANotify.settings 409 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvcRpcLocator]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServMcNASvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcmscsvcAOLService]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McNASvcRasMan]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McShieldmcmscsvc]
"ImagePath"="ð%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNWmiApSrv]
"ImagePath"="ð%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-12 2:25:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 07:25:03

Pre-Run: 2,161,762,304 bytes free
Post-Run: 3,005,390,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

213 --- E O F --- 2008-11-02 08:50:23

Malwarebytes' Anti-Malware 1.30
Database version: 1358
Windows 5.1.2600 Service Pack 3

11/2/2008 8:52:56 PM
mbam-log-2008-11-02 (20-52-56).txt

Scan type: Quick Scan
Objects scanned: 78388
Time elapsed: 1 hour(s), 23 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0CE33E7B-B3DB-274A-6FBC-0246C2FE2E57} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\procsmartadm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wixpo (Rogue.PersonalDefender2009) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\loanntf\ProcSmartAdm.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Shanon Kreicar\Application Data\Google\mupd1_2_1931888.exe (Rogue.PersonalDefender2009) -> Delete on reboot.

Things seem to be running fine now, thanks for your help!!!!
streetcar23
Active Member
 
Posts: 6
Joined: November 5th, 2008, 4:25 am

Re: Need my computer checked out!!!

Unread postby Katana » November 12th, 2008, 5:51 am

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Need my computer checked out!!!

Unread postby NonSuch » November 18th, 2008, 8:41 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware