[Pending] HJT Logs - Scan logs posted in the Security & Safety forums; Attached is the SUPERAntiSpyware Scan Log and HijackThis Scan log....
#1 |
|
Bronze Member
Join Date: Apr 2008
Posts: 6 PC Experience: Some Experience
|
Attached is the SUPERAntiSpyware Scan Log and HijackThis Scan log.
|
#2 |
|
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867 PC Experience: Elite PC Guru
|
Please copy and paste your logs...thanks
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security.
If this is an issue or makes it difficult for you - please let me know.
__________________
My real name is Eddy
|
#3 |
|
Bronze Member
Join Date: Apr 2008
Posts: 6 PC Experience: Some Experience
|
SDFix report
Rebooting

Checking Files :
No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 14:14:05
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1124420374\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1124420374\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"F:\\PictureOrganiser.exe"="F:\\PictureOrganiser.exe:*:Enabled:PictureOrganiser"
"E:\\PictureOrganiser.exe"="E:\\PictureOrganiser.exe:*:Enabled:PictureOrganiser"
"C:\\Program Files\\Picture Organiser\\PictureOrganiser.exe"="C:\\Program Files\\Picture Organiser\\PictureOrganiser.exe:*:Enabled:PictureOrganiser"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :

Files with Hidden Attributes :

Sun 13 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 26 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 28 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 5 Sep 2003 1,176,917 ...H. --- "C:\Program Files\Simple Star\My Mix\data\My Mix.exe"
Wed 17 Nov 2004 67,944 ...H. --- "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Deluxe.exe"
Sun 1 Jul 2007 2,150 A.SH. --- "C:\Documents and Settings\Owner\Application Data\Roxio\Dragon\DiscInfoCache\TSSTcorp_CD_DVDW_TS-H552B_GA04_300_DICV018_DRGV20100BC.TMP"

Finished!
|
#4 |
|
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867 PC Experience: Elite PC Guru
|
And the Combofix..????
__________________
My real name is Eddy
|
#5 |
|
Bronze Member
Join Date: Apr 2008
Posts: 6 PC Experience: Some Experience
|
My problem is when I go online and if Spyware doctor notification does not block malicious actions, I would get pop-up websites noting it was an Ad by FBrowsing Advisor. This is rarely the case because Spyware doctor will pop up a notification saying it has blocked the malicious action. In general sometimes a page is slow to load. A few times McAfee notifications would say I have some sort of worm or trojan. Please help...Thank You!
Here is my Combofix log report: ComboFix 08-04-13.3 - Owner 2008-04-14 18:35:26.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.250 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\PlayMP3z C:\Program Files\PlayMP3z\PlayMP3.exe C:\Program Files\PlayMP3z\uninstall.exe C:\WINDOWS\system32\cfx32.ocx C:\WINDOWS\system32\regsvr32.dll C:\WINDOWS\winhelp.ini . ((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))) . 2008-04-13 14:04 . 2008-04-13 14:04 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-12 23:26 . 2008-04-13 14:29 <DIR> d-------- C:\SDFix 2008-04-12 19:41 . 2008-04-12 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft 2008-04-12 19:40 . 2008-04-12 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-04-12 19:40 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-04-12 15:58 . 2008-04-12 15:58 2 --a------ C:\WINDOWS\msoffice.ini 2008-04-12 13:46 . 2008-04-12 13:46 <DIR> d-------- C:\Program Files\CCleaner 2008-04-12 12:53 . 2008-04-12 21:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-04-12 11:59 . 2008-04-12 16:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-04-12 11:59 . 2008-04-12 11:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com 2008-04-12 11:59 . 2008-04-12 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-31 21:44 . 2008-03-31 21:44 <DIR> d-------- C:\Program Files\Windows Defender 2008-03-28 13:45 . 2008-03-28 13:46 214 --a------ C:\WINDOWS\wininit.ini 2008-03-28 13:14 . 2008-03-28 13:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-28 13:14 . 
2008-03-28 13:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-28 12:50 . 2008-04-14 07:07 <DIR> d-------- C:\Program Files\Spyware Doctor 2008-03-28 12:50 . 2008-03-28 12:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools 2008-03-28 12:50 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-28 12:50 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-28 12:50 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-03-28 12:50 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-03-27 23:28 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-03-27 22:05 . 2002-09-20 16:51 23,888 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys 2008-03-27 18:46 . 2008-04-12 23:11 <DIR> d-------- C:\Program Files\FBrowsingAdvisor 2008-03-27 18:46 . 2008-03-27 18:46 <DIR> d-------- C:\Program Files\FBrowserAdvisor 2008-03-17 20:04 . 2008-03-26 18:34 <DIR> d-------- C:\Program Files\QLU 2008-03-17 20:04 . 2008-03-26 18:34 <DIR> d-------- C:\Program Files\Drug Guide 10E 2008-03-15 17:02 . 2008-03-15 17:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Move Networks . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 
2008-04-14 22:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-14 22:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire 2008-04-14 22:14 --------- d-----w C:\Program Files\Lx_cats 2008-04-14 21:13 --------- d-----w C:\Program Files\Norton Security Scan 2008-04-14 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-13 22:21 11,340 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat 2008-04-13 17:48 --------- d-----w C:\Program Files\Picasa2 2008-04-12 20:13 --------- d-----w C:\Program Files\Pure Networks 2008-04-12 20:13 --------- d-----w C:\Program Files\Image Broadway 2008-04-12 20:09 --------- d-----w C:\Program Files\Britannica 2005 2008-04-12 20:06 --------- d-----w C:\Program Files\QuickTime 2008-04-12 20:01 --------- d-----w C:\Program Files\iTunes 2008-04-12 19:59 --------- d-----w C:\Program Files\Common Files\AOL 2008-04-12 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-04-12 19:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL 2008-04-12 15:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-01 02:00 --------- d-----w C:\Program Files\BrowsingAdvisor 2008-03-31 17:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-28 02:50 --------- d-----w C:\Program Files\MasterCook 7 2008-03-27 15:00 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-25 23:15 --------- d-----w C:\Program Files\MSECache 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-18 00:04 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-03-15 20:40 --------- d-----w C:\Program Files\LimeWire 2008-03-09 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-09 20:18 --------- d-----w C:\Program Files\VTech 2008-03-09 20:17 --------- d-----w C:\Documents and Settings\Owner\Application 
Data\InstallShield 2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-21 03:56 --------- d-----w C:\Program Files\Viewpoint 2008-02-21 03:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\ScamBlocker 2008-02-21 03:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\EarthLink 2008-02-21 03:55 --------- d-----w C:\Program Files\Common Files\Viewpoint 2008-02-21 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-02-20 20:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\iLike 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-15 00:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Individual Software 2008-02-13 19:58 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe 2004-10-12 00:46 205,312 ----a-w C:\Program Files\ltefx13n.dll 2004-01-19 19:31 153,600 ----a-w C:\Program Files\ltfil13n.DLL 2004-01-19 18:31 27,648 ----a-w C:\Program Files\lfiff13n.dll 2004-01-19 18:31 20,480 ----a-w C:\Program Files\lfCUT13n.dll 2004-01-19 17:31 453,120 ----a-w C:\Program Files\ltkrn13n.dll 2004-01-19 17:12 89,600 ----a-w C:\Program Files\Lfcgm13n.dll 2004-01-19 16:49 278,016 ----a-w C:\Program Files\LFJ2K13n.dll 2004-01-19 16:49 180,736 ----a-w C:\Program Files\Lfpng13n.dll 2004-01-19 16:47 76,800 ----a-w C:\Program Files\Lfwmf13n.dll 2004-01-19 16:47 509,440 ----a-w C:\Program Files\LFCMW13n.dll 2004-01-19 16:45 420,352 ----a-w C:\Program Files\LFCMP13n.DLL 2004-01-19 16:44 143,872 ----a-w C:\Program Files\lftif13n.dll 2004-01-19 16:36 65,536 ----a-w C:\Program Files\Lfpct13n.dll 2004-01-19 16:36 56,832 ----a-w C:\Program Files\lfpsd13n.dll 2004-01-19 16:36 26,624 ----a-w C:\Program Files\lfpcx13n.dll 2004-01-19 16:36 19,968 ----a-w C:\Program Files\lfpcd13n.dll 2004-01-19 16:36 18,944 ----a-w C:\Program Files\lfmsp13n.dll 2004-01-19 16:35 
20,992 ----a-w C:\Program Files\lfimg13n.dll 2004-01-19 16:35 18,944 ----a-w C:\Program Files\lfmac13n.dll 2004-01-19 16:34 31,744 ----a-w C:\Program Files\lfclp13n.dll 2004-01-19 16:34 30,208 ----a-w C:\Program Files\lfbmp13n.dll 2004-01-19 16:33 444,928 ----a-w C:\Program Files\ltimg13n.dll 2004-01-19 16:32 265,216 ----a-w C:\Program Files\LTDIS13n.dll 2000-05-02 09:17 212,480 ----a-w C:\Program Files\PCDLIB32.DLL 1999-11-19 04:00 284,032 ----a-w C:\Program Files\XceedZip.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras \mssysmgr.exe" [2004-12-08 00:03 163840] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-01-30 14:30 68856] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-13 15:58 16384] "71900Tray"="C:\Program Files\VTech\Whiz Kid\System\WhizKidTray.exe" [2007-05-11 16:56 2170880] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360] "iLike"="C:\Program Files\iLike\1.1.27\ilikesidebar.exe" [ ] "iClean"="C:\Program Files\Aladdin Systems\iClean\iClean.exe" [2002-06-24 07:53 212992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 14:50 155648] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04 135168] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 18:51 118784] "RemoteControl"="C:\Program 
Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768] "CHotkey"="zHotkey.exe" [2005-05-03 17:02 543232 C:\WINDOWS\zHotkey.exe] "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 20:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 21:23 369664] "SoundMan"="SOUNDMAN.EXE" [2004-10-21 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-10-21 21:44 2744832 C:\WINDOWS\ALCWZRD.EXE] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent .exe" [2005-09-22 19:29 303104] "MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpda te.exe" [2006-01-11 13:05 212992] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdl r.exe" [2005-07-08 19:18 151552] "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 13:49 163840] "LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\LXCDtime.dll" [2005-07-11 12:35 69632] "lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 13:16 200704] "EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 07:51 94208] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 05:36 299008] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCh eck.exe" [2003-12-04 13:34 406016] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-17 17:34 185896] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048] "_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\masale rt.exe" [2006-01-06 16:14 327680] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02 53248] "Google Desktop Search"="C:\Program Files\Google\Google Desktop 
Search\GoogleDesktop.exe" [2008-01-30 14:31 29744] "Logitech Utility"="LOGI_MWX.EXE" [2003-11-07 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE] "qlu"="C:\Program Files\QLU\qlu.exe" [2006-04-25 13:06 479232] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "NI.UGA6P_0001_N122M2802"="C:\Documents and Settings\Owner\Desktop\install_en.exe" [ ] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] "HostManager"="C:\Program Files\Common Files\AOL\1124420374\EE\AOLHostManager.exe" [ ] "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOL SP Scheduler.exe" [ ] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-10 14:08:24 147456] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-18 22:55:20 1742384] Creating Keepsakes Scrapbook Designer Event Reminder.lnk - C:\Program Files\Scrapbook Designer\scrapremind.exe [2004-03-05 15:40:22 339968] Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2005-11-10 18:23:43 282624] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-30 14:30:17 125624] Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 05:10:26 282624] KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-02-13 15:58:37 169472] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\sharedtaskscheduler] "{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"= C:\WINDOWS\system32\kknwg.dll [ ] 
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [ ] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~ 1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Picture Organiser\\PictureOrganiser.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program 
Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 12:47] R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2N DIS5.sys [2004-11-01 15:16] S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-30 14:31] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5e197751-197b-11da-9f5a-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder "2008-03-25 17:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-01 18:34:09 C:\WINDOWS\Tasks\EasyShare Registration Task.job" - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUS E~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registr ation_7.2.20.2.sxt _RegistrationOffer@16 "2008-04-12 01:00:00 C:\WINDOWS\Tasks\mcafee antispyware.job" - c:\progra~1\mcafee\MCAFEE~1\MASCon.exe "2008-04-14 22:15:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-04-11 19:00:24 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . 
************************************************** ************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-14 18:38:33 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtim e.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\EarthLink TotalAccess\Accelerator\prplsf.dll PROCESS: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\system32\sensapi.dll -> ?:\WINDOWS\system32\sensapi.dll -> ?:\WINDOWS\system32\SXS.DLL . Completion time: 2008-04-14 18:39:56 ComboFix-quarantined-files.txt 2008-04-14 22:39:48 Pre-Run: 219,620,311,040 bytes free Post-Run: 219,608,018,944 bytes free . 
2008-04-12 00:09:24 --- E O F --- Here is my HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:42:53 PM, on 4/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe C:\WINDOWS\zHotkey.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Lexmark 6300 Series\lxcdmon.exe C:\Program Files\Lexmark 6300 Series\ezprint.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Windows 
Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\VTech\Whiz Kid\System\WhizKidTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Drug Guide 10E\xserver.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\Unused Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = EarthLink® - Page Not Found
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [qlu] C:\Program Files\QLU\qlu.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2802] "C:\Documents and Settings\Owner\Desktop\install_en.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124420374\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [71900Tray] C:\Program Files\VTech\Whiz Kid\System\WhizKidTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
O4 - HKCU\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Creating Keepsakes Scrapbook Designer Event Reminder.lnk = C:\Program Files\Scrapbook Designer\scrapremind.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14914 bytes |
|
|
|
|
|
#6 |
|
Senior Security Analyst
![]() Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867 PC Experience: Elite PC Guru
|
Looks as if this C:\Program Files\PlayMP3z was the problem. It should fix your popup now it's gone.
__________________
My real name is Eddy
|
|
|
|
|
|
#7 |
|
Bronze Member
![]() Join Date: Apr 2008
Posts: 6 PC Experience: Some Experience
|
Unfortunately, I still have the problem of pop-up ads from FBrowsing Advisor. I scanned my computer using Spyware Doctor and my threats were: Adware.PlayMP3z [44 infections], Adware.Mirar [6 infections], Trojan.Generic [1 infection]...
|
|
|
|