Jump to content

blue723

Members
  • Posts

    10
  • Joined

  • Last visited

Everything posted by blue723

  1. Thank God i have a laptop!! I can't get anything to open on my desktop...From WORD files to Excel to ANY basic program!! I am unconnected myself from the internet and am only using my laptop now. PLEASE HELP!!! PLEASE!
  2. Additionally, I just received these messages upon re-start: Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience. 2nd One: DISCover Drop & Play System Executable has encountered a problem and needs to close. We are sorry for the inconvenience.
  3. Hello, I have been getting redirected to different sites automatically. I tried to initiate Malwarebytes, unfortunately it won't start. You guys saved me in the past, so I figured I have some type of infection again, and i hope you can help again. Please help me!!!!
  4. I'll do everything you suggested...thanks again. The computer does seem clear now, hopefully I don't get anything crazy like this again!!
  5. Hi Maurice, Here is the log from ESET ESETSmartInstaller@High as downloader log: all ok # version=6 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6048 # api_version=3.0.2 # EOSSerial=bcd31db66f7f36419114e9d24dac7469 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-08-19 03:42:41 # local_time=2009-08-18 11:42:41 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=5121 37 100 88 494781516250000 # scanned=128181 # found=4 # cleaned=4 # scan_time=4306 D:\I386\APPS\APP17839\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C D:\I386\APPS\APP17839\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP300\A0066984.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP300\A0066985.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C So, what do i do now.....the comp seems ok.....but what about all of these programs and logs?? do i need them or should i delete??? Please let me know what you think i need to do....thanks again
  6. Hi Maurice, Unfortunately Kaspersky is not opening for me, what should i do? Here are the OTL and MBAM that you told me to run...... OTL All processes killed ========== FILES ========== c:\windows\system32\drivers\.sys moved successfully. File\Folder C:\recycler not found. File\Folder D:\recycler not found. File\Folder e:\recycler not found. File\Folder f:\recycler not found. File\Folder g:\recycler not found. File\Folder h:\recycler not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Compaq_Administrator ->Temp folder emptied: 4877 bytes ->Temporary Internet Files folder emptied: 1544335 bytes ->Java cache emptied: 22035830 bytes ->Google Chrome cache emptied: 361163340 bytes ->Apple Safari cache emptied: 263404 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes C:\WINDOWS\msdownld.tmp folder deleted successfully. %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 6871057 bytes Windows Temp folder emptied: 19096 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 373.83 mb OTL by OldTimer - Version 3.0.10.7 log created on 08182009_213040 Files\Folders moved on Reboot... Registry entries deleted on Reboot... MBAM Malwarebytes' Anti-Malware 1.40 Database version: 2651 Windows 5.1.2600 Service Pack 3 8/18/2009 9:48:46 PM mbam-log-2009-08-18 (21-48-46).txt Scan type: Quick Scan Objects scanned: 107890 Time elapsed: 5 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  7. Hi Maurice, I used the combofix software, and before getting to the log, this is the rootkit window.... Rootkit!! Combofix has detected the presence of rootkit activity and needs to reboot the machine. Kindly note down on paper, the name of each file. We may need it later. C:\Windows\system32\drivers\SKYNETttrsipxw.sys C:\Windows\system32\drivers\SKYNETwrqxoyoe.dll C:\Windows\system32\drivers\SKYNETxumlxyir.dat C:\Windows\system32\drivers\SKYNETwvogqdpo.dll C:\Windows\system32\drivers\SKYNETulkbibfh.dat Secondly, here is the Combofix log you needed: ComboFix 09-08-10.06 - Compaq_Administrator 08/18/2009 12:14.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.520 [GMT -4:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Compaq_Administrator\Start Menu\Programs\AVI Codec Pack + c:\documents and settings\Compaq_Administrator\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk c:\documents and settings\Compaq_Administrator\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk c:\program files\Altnet c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab c:\program files\AVI Codec Pack c:\program files\AVI Codec Pack\AC3\ac3filter.ax c:\program files\AVI Codec Pack\AC3\dialog_patch.exe c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe c:\program files\AVI Codec Pack\uninstall.exe c:\recycler\S-1-5-21-527237240-179605362-725345543-500 c:\windows\Installer\2afed6.msp c:\windows\kb913800.exe c:\windows\system32\bszip.dll c:\windows\system32\Drivers\nupcqjdw.sys c:\windows\system32\Drivers\qmgudv.sys c:\windows\system32\drivers\SKYNETttrsipxw.sys c:\windows\system32\SKYNETulkbibfh.dat c:\windows\system32\SKYNETwrqxoyoe.dll c:\windows\system32\SKYNETwvogqdpo.dll c:\windows\system32\SKYNETxumlxyir.dat c:\windows\system32\uniq.tll D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SKYNETnoentmrr -------\Legacy_SKYNETnoentmrr ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 ))))))))))))))))))))))))))))))) . 2009-08-16 22:50 . 2009-08-17 02:10 0 ----a-w- C:\backup.reg 2009-08-16 21:37 . 2009-08-16 21:37 34816 ----a-w- c:\windows\system32\drivers\.sys 2009-08-16 21:25 . 2009-08-16 21:25 -------- d-----w- c:\program files\ERUNT 2009-08-16 20:10 . 2009-08-16 20:10 -------- d-----w- c:\program files\Trend Micro 2009-08-16 20:03 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-16 20:03 . 2009-08-16 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-16 20:03 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-16 03:51 . 2009-08-16 03:52 -------- d-----w- C:\DVDVideoSoft 2009-08-16 02:52 . 2009-08-16 04:12 -------- d-----w- c:\program files\Total Video Converter 2009-08-16 01:43 . 2009-08-16 01:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp 2009-08-16 01:41 . 2009-08-16 01:41 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Deployment 2009-08-14 00:42 . 2009-08-14 00:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-13 14:42 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-08-10 04:06 . 2009-08-10 04:06 74404 ---ha-w- c:\windows\system32\mlfcache.dat 2009-08-10 03:58 . 2009-08-10 03:58 -------- d-----w- c:\program files\Safari 2009-08-10 03:52 . 2009-08-10 03:52 -------- d-----w- c:\program files\iPod 2009-08-10 03:52 . 2009-08-10 03:53 -------- d-----w- c:\program files\iTunes 2009-08-10 03:43 . 2009-08-10 03:43 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe 2009-08-09 16:57 . 2009-08-09 16:57 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-09 16:57 . 2009-08-09 16:57 -------- d-----w- c:\program files\Reference Assemblies 2009-08-09 16:56 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-09 16:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-09 16:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-09 16:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-09 16:56 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-09 16:56 . 2009-08-09 16:56 -------- d-----w- C:\9ca38af1aac035843874fb9365 2009-08-09 16:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-09 16:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-31 04:43 . 2009-07-31 04:43 1685856 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe 2009-07-26 18:23 . 2009-07-26 18:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications 2009-07-22 02:20 . 2009-07-22 02:21 -------- dc-h--w- c:\windows\ie8 2009-07-22 02:20 . 2009-07-22 02:24 -------- d--h--w- c:\windows\msdownld.tmp 2009-07-22 02:11 . 2009-07-22 02:11 -------- d--h--r- c:\documents and settings\Compaq_Administrator\Application Data\SecuROM 2009-07-22 02:11 . 2009-07-22 02:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-07-21 19:11 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll 2009-07-21 19:11 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2009-07-21 19:11 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2009-07-21 19:11 . 2007-04-04 22:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll 2009-07-21 19:10 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll 2009-07-21 19:10 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-07-21 19:10 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2009-07-21 19:10 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-14 04:02 . 2006-02-14 19:37 -------- d-----w- c:\program files\WildTangent 2009-08-14 04:00 . 2006-02-14 19:10 -------- d-----w- c:\program files\GemMaster 2009-08-10 04:04 . 2007-01-16 05:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer 2009-08-10 03:52 . 2009-06-25 19:59 -------- d-----w- c:\program files\Common Files\Apple 2009-08-09 17:40 . 2006-02-14 19:34 94136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-09 16:57 . 2007-09-21 03:53 -------- d-----w- c:\program files\MSBuild 2009-08-08 18:22 . 2008-03-12 02:41 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3 2009-08-05 09:01 . 2004-08-09 21:00 204800 ------w- c:\windows\system32\mswebdvd.dll 2009-07-31 04:44 . 2009-04-23 16:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks 2009-07-31 04:44 . 2009-05-09 20:28 127872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\uninstall.exe 2009-07-31 04:44 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll 2009-07-17 19:01 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-12 15:48 . 2009-07-12 15:48 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-03 17:09 . 2004-08-09 21:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-02 20:10 . 2006-02-14 19:47 -------- d-----w- c:\program files\Quicken 2009-07-02 18:44 . 2009-07-02 18:44 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HP 2009-06-26 04:51 . 2009-06-25 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-25 20:08 . 2009-06-25 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-25 20:07 . 2007-01-16 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-06-25 20:06 . 2008-02-14 03:24 -------- d-----w- c:\program files\Bonjour 2009-06-25 20:05 . 2006-08-01 01:38 -------- d-----w- c:\program files\QuickTime 2009-06-25 20:00 . 2009-06-25 20:00 -------- d-----w- c:\program files\Apple Software Update 2009-06-25 08:25 . 2004-08-09 21:00 730112 ------w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-09 21:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-09 21:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-09 21:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-08-09 21:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-09 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-08-10 04:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys 2009-06-18 15:07 . 2009-06-18 15:07 390664 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\RealPlayer\Update\realplayer11gold.exe 2009-06-16 14:36 . 2004-08-09 21:00 81920 ------w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-09 21:00 119808 ------w- c:\windows\system32\t2embed.dll 2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe 2009-06-12 12:31 . 2004-08-09 21:00 80896 ------w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2004-08-10 04:00 76288 ------w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-09 21:00 84992 ------w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2004-08-09 21:00 2066432 ------w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-09 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 15:42 . 2009-06-25 20:00 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-05 15:42 . 2009-06-25 20:00 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-03 19:09 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2006-06-07 03:04 . 2006-06-07 03:04 22 --sha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720] "Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-16 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856] "YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 136600] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-8-29 217088] hp psc 1000 series.lnk - c:\program files\HP\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456] hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 811008] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/12/2009 11:21 AM 203280] S2 crdlhpw;crdlhpw;c:\windows\system32\drivers\vqccsi.sys --> c:\windows\system32\drivers\vqccsi.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-07-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4239159537.job - c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56] 2009-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052595425-2314618747-4199647411-1008Core.job - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-16 01:42] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1052595425-2314618747-4199647411-1008UA.job - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-16 01:42] 2009-07-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-12 17:32] 2009-07-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-12 17:32] . - - - - ORPHANS REMOVED - - - - HKLM-Run-PCDrProfiler - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://att.net/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html uInternet Settings,ProxyOverride = 127.0.0.1;*.local uInternet Settings,ProxyServer = proxy.wayne.edu:8080 uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 Trusted Zone: trymedia.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-18 12:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1052595425-2314618747-4199647411-1008\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Param2"="" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1052595425-2314618747-4199647411-1008\Software\SecuROM\License information*] "datasecu"=hex:9e,55,32,b4,7f,d9,32,ca,45,70,cb,e2,38,f4,d8,dc,81,30,24,fd,ca, 35,ba,eb,c3,83,ff,61,a4,19,0f,c6,e6,17,20,95,5e,61,04,8e,44,42,25,af,9c,a8,\ "rkeysecu"=hex:7e,d5,2a,0a,ff,d3,f5,a4,83,8e,2a,10,60,d7,eb,39 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-08-18 12:24 ComboFix-quarantined-files.txt 2009-08-18 16:23 Pre-Run: 157,168,668,672 bytes free Post-Run: 157,132,963,840 bytes free Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5 277 --- E O F --- 2009-08-17 02:00 Thanks again for your time Maurice, let me know what to do next.........
  8. Hey Maurice, I wont be back at this computer until Tuesday the 18th, so i will post my reply then...Thanks Again!!
  9. Hi, Thanks for helping me with this problem, I did everything you told me to do, and here is the text from Root Repeal: ROOTREPEAL
  10. Hello, I have recently received the SKYNET trojan in which messages such as "DLL globalroot/systemroot/system32/SKYNETwvogqdpo.dll is not a valid Windows image" I receive this error message for nearly every process started, even during startup of the computer. Besides knowing that Malwarebytes has helped in the past, I am not quite sure what to do with this virus this time. Please Help!!! Below are the suggested HiJack This and Malwarebytes logs....Please let me know what I can do to resolve this problem. Malwarebytes Log Malwarebytes' Anti-Malware 1.40 Database version: 2636 Windows 5.1.2600 Service Pack 3 8/16/2009 4:14:23 PM mbam-log-2009-08-16 (16-14-23).txt Scan type: Quick Scan Objects scanned: 115980 Time elapsed: 9 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) HiJack This Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:10:35 PM, on 8/16/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\DISC\DISCover.exe C:\Program Files\DISC\DiscUpdateMgr.exe C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files\DISC\DiscGui.exe C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\DISC\DiscStreamHub.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ALCXMNTR.EXE C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wayne.edu:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: Web-Based Email Tools - http://email03.secureserver.net/Download.CAB O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab O16 - DPF: Yahoo! Euchre - http://download2.games.yahoo.com/games/clients/y/et3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://proxy.lib.wayne.edu:2052/lib/wayne/...s/ebraryRdr.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} (Pearson Accounting Player) - http://asp.mathxl.com/books/_Players/AccountingPlayer.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 15614 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.