Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Once again i need your help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Once again i need your help

Unread postby benderbuddie » November 23rd, 2007, 8:31 am

Here is the Combofix.exe log. And a happy belated thanksgiving!

ComboFix 07-11-19.3 - Thomas Bender 2007-11-22 23:40:16.10 - NTFSx86
Running from: C:\Documents and Settings\Thomas Bender\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-22 23:39 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2007-11-22 23:33 <DIR> d-------- C:\Documents and Settings\Thomas Bender\Application Data\Grisoft
2007-11-22 23:33 <DIR> d-------- C:\Documents and Settings\Thomas Bender\Application Data\Comodo
2007-11-22 13:35 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2007-11-19 09:19 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\Grisoft
2007-11-19 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 09:18 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-18 21:37 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\MSN6
2007-11-11 03:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-10 20:50 1,197,294 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2007-11-10 20:50 764,868 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2007-11-10 20:50 217,118 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2007-11-10 20:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-10 20:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-11-10 20:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-11-10 15:47 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\Ruckus Network
2007-11-10 15:40 <DIR> d-------- C:\Program Files\Bonjour
2007-11-10 15:39 <DIR> d-------- C:\Program Files\Ruckus Player
2007-11-09 20:17 139,536 --a------ C:\WINDOWS\SYSTEM32\javaee.dll
2007-11-09 20:17 53,520 --a------ C:\WINDOWS\setdebug.exe
2007-11-09 03:05 128,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
2007-11-09 03:05 30,208 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
2007-11-09 03:05 16,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
2007-11-09 03:03 129,316 --a------ C:\WINDOWS\SYSTEM32\TZLog.log
2007-11-08 10:00 <DIR> d-------- C:\Program Files\iTunes
2007-11-08 09:56 <DIR> d-------- C:\Program Files\QuickTime
2007-11-08 07:20 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-11-07 20:16 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\Comodo
2007-11-07 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-07 20:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-07 20:11 <DIR> d-------- C:\Program Files\Comodo
2007-11-07 20:07 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-11-07 20:07 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2007-11-07 20:06 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2007-11-07 20:06 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2007-11-07 20:06 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2007-11-07 20:06 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2007-11-07 00:21 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-05 08:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 16:46 7,168 --a------ C:\WINDOWS\SYSTEM32\windows
2007-10-24 13:14 <DIR> d-------- C:\Documents and Settings\Dan Bender\Application Data\TrojanHunter
2007-10-24 08:45 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-10-23 18:38 694,201 ---hs---- C:\WINDOWS\SYSTEM32\iabpiorb.ini
2007-10-23 12:02 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 15:59 --------- d-----w C:\Program Files\Picasa
2007-11-17 01:20 --------- d-----w C:\Program Files\WildTangent
2007-11-10 01:00 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Apple Computer
2007-11-08 15:00 --------- d-----w C:\Program Files\iPod
2007-11-06 23:47 165,392 ----a-w C:\Documents and Settings\Dan Bender\Application Data\GDIPFONTCACHEV1.DAT
2007-11-06 19:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-05 17:38 --------- d-----w C:\Program Files\Pure Networks
2007-11-05 17:28 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\AOL
2007-10-22 18:25 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-22 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-22 13:34 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-22 01:53 164 ----a-w C:\install.dat
2007-10-21 22:53 --------- d-----w C:\Program Files\Webroot
2007-10-21 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-21 22:50 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Webroot
2007-10-21 18:51 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Error Safe Free
2007-10-20 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-17 15:01 --------- d-----w C:\Program Files\RegCure
2007-10-17 02:53 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\Talkback
2007-10-16 16:38 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-10-15 18:21 --------- d-----w C:\Program Files\Java
2007-10-09 03:29 --------- d-----w C:\Documents and Settings\Dan Bender\Application Data\AdobeUM
2007-10-09 03:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-01 20:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-10-01 20:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 20:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 20:24 20,280 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-10-01 20:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-03-11 23:57 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2003-12-04 23:24 812 ----a-w C:\Program Files\INSTALL.LOG
2005-03-15 03:42 475 --sh--w C:\WINDOWS\SYSTEM32\wbpu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"cw04RVb2U"="shrpmsg.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-05-25 12:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44]
"pdfFactory Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe" [2002-10-30 16:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-02-11 17:10]
"LifeScape Media Detector"="C:\Program Files\Picasa\PicasaMediaDetector.exe" [2004-04-11 17:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-11 19:33]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"HostManager"="C:\Program Files\Common Files\AOL\1100820089\ee\AOLSoftware.exe" [2006-09-25 19:52]
"nwiz"="nwiz.exe" [2003-10-06 14:16 C:\WINDOWS\SYSTEM32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 18:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-17 14:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\SYSTEM32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 22:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-12-17 02:44:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-12-27 17:47:22]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2003-12-24 15:46:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
S3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

*Newly Created Service* - HIDSERV
.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 23:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-23 04:33:28 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-08 11:37:17 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-22 21:13:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 23:43:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-22 23:45:13
C:\ComboFix2.txt ... 2007-11-16 21:13
C:\ComboFix3.txt ... 2007-11-16 21:06
.
--- E O F ---
benderbuddie
Regular Member
 
Posts: 17
Joined: October 23rd, 2007, 3:22 pm
Location: Ohio
Advertisement
Register to Remove

Re: Once again i need your help

Unread postby askey127 » November 23rd, 2007, 11:54 am

benderbuddie,
Thanks. Happy Holiday to you also, if you are in a location that celebrates it.
I would suggest you Uninstall WildTangent.
Then:
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. The only way to erase these files is to temporarily disable System Restore. You will lose all previous Restore points, including those likely to be infected, and a new Restore Point will be established..
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the Combofix and the /u
    • Image
  • When shown the disclaimer, Select "2"
The above procedure will :
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
-----------------------------------------------------------
Let's check once more:
Post a New HiJackThis Log
Reboot your computer. Start HijackThis (reveal.exe).
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Once again i need your help

Unread postby benderbuddie » November 30th, 2007, 12:20 am

that uninstalled combofix.exe and here is the hijackthis . . sorry it took so long but i have been extremely busy at school and havent taken the time to fix my computer


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:01 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1100820089\ee\AOLSoftware.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeScape Media Detector] "C:\Program Files\Picasa\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1100820089\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} - http://205.159.125.199/central/02030106 ... ontent.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://81.216.10.59/cult.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testge ... nstall.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/commo ... snoopy.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 4483939453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4483929515
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/softwar ... launch.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/Pe ... lAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {ECF5F2BD-C78B-4C6F-91BB-2A311FCCA4C7} - http://www.shockwave.com/content/combat ... online.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11326 bytes
benderbuddie
Regular Member
 
Posts: 17
Joined: October 23rd, 2007, 3:22 pm
Location: Ohio

Re: Once again i need your help

Unread postby askey127 » November 30th, 2007, 6:52 pm

benderbuddie,
Looks OK.
If you are good with the performance of your PC, I think it's good as well.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Once again i need your help

Unread postby askey127 » December 23rd, 2007, 7:37 am

Glad we could be of assistance. This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter.
A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link : Donations For Malware Removal
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 116 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware