RemarkablyDumb

  1. Hiyas, been a long time since I had to post here, but I've been layin up recoverin from an accident an my main home/work computer seems to have picked somethin up from my dumb surfin around. I haven't added any new software or anything aside from updating Firefox a couple times and Adobe Flash. I'm pretty sure it's nothin too bad but could get worse so wanna nip it in the bud. I often keep Win Task Manager open these days cause I'm runnin an old XP machine and Firefox can tax it a bit much, so I keep an eye out on all the plugin containers being opened and how much memory they're usin - sometimes they get upwards of 75% of my RAM - then I gotta start closin tabs and such. So I keep an eye out on it, have known what's usually running on it for years now. I know snmp.exe can run sometimes - but was surprised to notice it's running lately, then I noticed also lsass.exe - and then finally I see ones called csrss.exe and smss.exe. When I tried to simply shut down snmp.exe in Task Manager I got the Windows message saying it's a system critical function and could not be shut down. At this point now I'm testing my memory to remember if that's true or not, I don't think it is for snmp or lsass, which I tried it both for. I didn't even touch the csrss or smss. Then I decided to check MSCONFIG.exe and looked at the System Configuration Utility, and under the tabs for both System.ini and Win.ini there was a new entry I'm 99.99% sure was never there before, at the top of both lists: " ;msconfig.exe ; for 16-bit app support ". I unchecked them both so that hopefully upon boot next time it won't load, that'd be too easy of course. But I was gonna be hopeful (I unchecked it in Win.ini before last reboot and not even sure if it was in System.ini back then, but it was when I checked this time - I haven't rebooted again - but I did uncheck it again). And then I started to think about what to do.

     I'll prob start by releasing and resetting Firefox, it cleans out all the Java and crap from my system hopefully. I haven't seen any new mysterious folders anywhere yet but who knows what files got put where at this point (I'm thinking worst case scenario here). But this may be a known virus for all I know, I've been a bit out of touch this past year recuperating so I'm really still a bit out of it and could use a hand or pointer about like which free AV I should try runnin or somethin. I haven't tried anything yet because A) this system is pretty old and doesn't have a lot of room left for lotsa installs/uninstalls, it's still running pretty darn smooth which is why I wanna take care of this before it's a real problem. So tryin to minimize what I'd install on it would be hugely appreciated and have to be taken into consideration. I haven't run a HijackThis yet so don't have a log. (I just looked again, I don't even think I have it on the machine anymore. oy lol) So yeah, take pity on an old hack and someone please recognize this and say Oh yeah that's not a problem t'all!! Yes I did try a search first, tried specific then less so. Couldn't find any applicable advice.
  2. Yes Combo is still on the desktop, and I tried your exact instrucs. Do I have to turn off AVGuard in order to uninstall ComboFix..? I wouldn't have thought so, but every time I try to uninstall, I get the pop up saying AVG is running and to turn it off before continuing. Seemed to me Combo was trying to run a scan/turn on, but maybe I was wrong? I then use Task Manager to turn off the Combo and Nircmd progs. But now I'm wondering if maybe AVG needs to be off to uninstall Combo..? I wouldn't have bothered asking you again, but figured maybe this is something you forgot to mention and therefore will remember to mention in future instructions. So I'm trying to be helpful as well as get help hehe. Oh yeah, since I'm so chatty (hopefully not annoyingly so): I know you all have some ties to bleepingcomputer (I have no idea what ties, wasn't going to say "affiliated" cause I know these are 2 diff sites, but I know there are some sort of ties) and as I've been reading over there a lot through all this, I noticed that they offer a "Malware Removal Training Program" which is a way of working towards helping others there. I was just wondering if MWB offers anything similar, or in conjunction with them. If not, I may end up giving it a shot there, but if I had a choice I'd prob prefer to do it here, since you all are the ones who actually helped me and are the actual home of MWB. Sorry if I've become a pest~! Feel free to chastise me appropriately hehe. Shawn
  3. Sorry to keep buggin ya, I can't seem to get rid of ComboFix. I tried Run>ComboFix /Uninstall (and a few varieties of caps and such, as well as just copying/pasting what you typed) and all it did was start it. I tried a quick Google search and came across this: http://www.bleepingcomputer.com/forums/topic291074.html where they mention downloading http://oldtimer.geekstogo.com/OTC.exe But before I ran it, I figured I'd ...well bug you again hehe. I hate DLing things I'm not certain of, plus they said it reset a few other things in Windows which sounds, well not a big deal but still. (I DLd it, but haven't installed it or anything) Also, should I get rid of GooredFix.exe and GMER.exe? And if so, are these just standalones or is there a particular way of uninstalling them. HJT this I think I'll leave, but as I recall if I want to uninstall it, there's a button in the prog itself to do just that. Sorry to keep harassing you, hopefully you're almost done with me!
  4. My current Facebook "headline": Shawn Bittner: "another virus defeated. Great big thanks to Meike at Malwarebytes for some extra help with the cleanup. Malwarebytes is def the place to go if you got puter questions/problems" (and no I don't mind you knowing my real name) I also posted a link to your blog, hope you don't mind, I think it's worth reading for anyone I know. Was reading through your blog, has a lot of great tips and hints, many of which I knew but still. Also very helpful links. One thing I was wondering, and you may consider adding this to your blog. I was readin what you said about cleaning up unused files. The only one(s) I'm unsure of are all the files left over from a Windows update, like for me when I (finally) installed SP3. I currently have 60 folders in my Windows directory starting with $UninstallKB (then a variety of numbers), as well as the first 3 $hf_mig$ , $MSI31Uninstall_KB89303v2$ and $NTServicePackUinstall$. I also have a folder in C: called accf63372416fb82625d2f130 (long folder name!) Inside this folder is a folder i386 which has 2,923 objects at 398 MBs. Now I've already backed up all these files on my HT server, just in case. But I've read a lot of conflicting things about deleting or keeping these. Altogether it's over a gig of stuff and was wondering 2 things: first, obviously, do you think I should delete, or which ones to delete. Secondly, this is something you may want to mention on your blog, since nearly everyone updates Windows at some point, and I'm sure 99% are like me, tempted but unsure if they should actually get rid of them. I'm sure it would be a help to me, since this ol thing only has a 75 gig HD, and I've got about 29 free. But even more important I know this has just got to be an issue for people out there who are even less familiar with how their computer works. As for the boot issue, I'll consider my options. I agree with something you mentioned in your blog, if it ain't broke don't try to fix it.

     I'm almost afraid to try booting to the "other" Windows. Registry wouldn't include the changes you and I have made, so I dunno if the virus will somehow manage to still be there. Who knows, I may try it sometime, or just let it be. Thanks again for all your help~! Shawn
  5. Way to go Meike~! Yup Regedit runs now, FF Google works, no flickering on startup. Everything seems back to relative normality. OK last thing I'll bother you with, I mentioned how I got hung up in Safe mode and I had to use recovery console to change my bootconfig so I could get back to regular Windows mode. Well 4 questions: should I leave recovery console installed? Does it automatically uninstall when I uninstall Combofix? Should I uninstall Combofix (most threads here end with advisor saying to, is why I asked that)? And lastly and most importantly, when I changed my bootconfig, somehow instead of altering my primary boot, which is the whole windowsXPSP3 etc...etc., I just created a boot file called "1", so every time I start up, I get the option to turn on recovery console, boot to "1" which is the default now, or boot to the old "windowsXP....etc". Should I go back to my orig and somehow delete "1"? So far I don't see any downside to staying this way except the 5 seconds on boot up where it asks, but this is a pretty old computer and I've already mucked Windows/registry up so much I try to keep the tampering to a minimum. I also don't want to go back to orig boot and bring problem back. If you do recommend getting rid of "1" just please let me know best way as well. Oh and let me know what else you want me to uninstall, Combo, GMER, MWB, Avira, HJT.. I can prob leave them if you say so, but as I mentioned this machine is already quite full of manure. Oh and if you say to leave Avira, should I turn its startup on boot back on? (AVguard). I've never actually found an antivirus I liked completely, so in general I get rid of them when I don't need them. Yes, maybe bad idea..... And thanks again for all your help!

     Shawn PS: you were so helpful I may try to tackle the rootkit that ESET couldn't get rid of on my other puter (it's only a HT computer, and it runs, just a few little probs that ESET couldn't fix)...and maybe for the first time in my life actually PAY FOR AN ANTI VIRUS~! I think MWB has earned it, and mostly (more like entirely) because of your support!
  6. C:DOCUME~1\DAD\LOCALS~1\Temp\xclrv.tmp 2yAPFDOFNF Forgot to mention that in attempting to fix before I came here I did uninstall all my Java, and I deleted some of the Java folders (there are a lot of them!)
  7. Hi miekie, thanks for helping! I checked and fixed those 7 entries in HijackThis as requested. Here is a copy of the Combofix.txt file but there isn't anything there (??) I do know it did something, because like I said MWB started working after I ran it, maybe you meant a diff TXT file in that folder? There are a few and they all say...something (what I'm not sure honestly). Here's what it says:

     ComboFix 10-03-13.03 - Dad 03/14/2010 3:52:23.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.734 [GMT -4:00]
     Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
     * Created a new restore point
     .

     That's it (??) I don't know if it always creates a Qoobox, but it did for mine, and it's got stuff in it. No text files tho, just a variety of stuff. I downloaded and ran GMER last night, I know I'm supposed to leave it while it runs, I thought I had waited till it was finished and then hit copy, opened Notepad and pasted it in there, I saw that ...for about 2 seconds then the machine rebooted and it's had some issues booting since. Sometimes I get hung up on the first blue Starting Windows screen (even today..so 3 times now, I wait for about 5 minutes, turn off machine and then turn back on and then it seems to boot). I'm tempted to run GMER again, but I'll wait to hear back from you. I also had trouble turning off AVG guard, I unchecked it in msconfig, but that didn't work until I also changed it to manual in services. This time it wasn't on at startup. But when it was, I couldn't turn it off, even using Task Manager. And there's no tray icon, like I've read here, where you can right click and select to turn it off. So I agree whatever virus this is, I did something to it, but it's still there, or at least the damage it did to my system is. I still can't run Regedit or command prompt, anything I type in Google still crashes Firefox and I'm getting asked for cookies for sites I've been to plenty of times and haven't asked in a while.

     Also Firefox always starts up with the "Sorry your browser crash, can it report the problem" which was fine when FF did crash, but last times it didn't crash, I turned it off, yet I still always get that message first as FF opens. Lookin forward to hearing back from ya!
  8. Heyas, long time lurker, first time caller... really hope someone can help me.. First symptom was in Firefox when I typed anything into Google search, it would crash. How odd right, when I try it on my old Netscape which I use for reading it doesn't crash when I type something in Google, but the recommendations it lists underneath as I type, if I select one, the input field instead of filling in the recommendation changes to "undefined". Hrmm how odd. Other than that I didn't see anything happening. I did get a few redirects from Google on Netscape first time, but if I try same link again, it worked fine. So first I think it's an addon, I turn most off. I wasn't getting any other symptoms, so I couldn't even begin to figure out what my prob was. Then upon rebooting, I noticed that my desktop would load with icons, then icons would disappear for a moment, a little flicker, then they'd come back. So something seems to be running in background. I go to run regedit, it won't load, neither would command prompt. I try to restart in Safe mode, and that just hung, and was real tricky to fix. Luckily I had previously installed Windows recovery, so I got into there, changed my bootconfig and was able to get back to normal Windows. Downloaded and installed Malwarebytes, at first it shut itself down, I ran Combofix, and then I was able to at least run Malwarebytes. It did catch a few things, but didn't seem to fix the prob. I got Avira, ran that, it also detected a few things, one thing I noticed, it's not running registry scan - and for some odd reason I can't even see where to turn it on. Downloading HJT as I type this, will install and get a log up (I hadn't but decided not to ask where to DL it, I just went and found it on CNET...figured they should be safe...hopefully.. I'll post this in a few after I install and run it so I can post up the log). Normally I'm pretty good at diagnosing and disinfecting myself, but this one's got my ego in check.

     Any help greatly appreciated, as seems like it's a rootkit and I'm pretty darn stuck. Here's the Malwarebytes log:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3865
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     3/14/2010 6:20:52 AM
     mbam-log-2010-03-14 (06-20-52).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 245819
     Time elapsed: 1 hour(s), 34 minute(s), 47 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\SYSTEM32\CONFIG\33055138.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.

     I would post the Avira log, but it's HUGE (I already tried actually and it was so big that I couldn't even just delete parts of it, I had to hit BACK on browser and start again). So can someone tell me what portion of the Avira log they want, prob same time as tell me where they want and what they want from HJT and I'll be only too happy to oblige. For fun, here is just the top and bottom..or what I think may help a bit:

     Avira AntiVir Personal
     Report file date: Sunday, March 14, 2010 17:38
     Scanning for 1853771 virus strains and unwanted programs.
     Licensee : Avira AntiVir Personal - FREE Antivirus
     Serial number : 0000149996-ADJIE-0000001
     Platform : Windows XP
     Windows version : (Service Pack 3) [5.1.2600]
     Boot mode : Normally booted
     Username : Dad
     Computer name : RACERX

     Configuration settings for the scan:
     Jobname.............................: Rootkit search
     Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp
     Logging.............................: high
     Primary action......................: interactive
     Secondary action....................: ignore
     Scan master boot sector.............: on
     Scan boot sector....................: on
     Process scan........................: off
     Scan registry.......................: off
     Search for rootkits.................: on
     Integrity checking of system files..: off
     Scan all files......................: All files
     Scan archives.......................: on
     Recursion depth.....................: 20
     Smart extensions....................: on
     Macro heuristic.....................: on
     File heuristic......................: high
     Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
     Expanded search settings............: 0x00300922

     Start of the scan: Sunday, March 14, 2010 17:38

     Starting search for hidden objects.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\midi9
         [iNFO] The registry entry is invisible.
     '447788' objects were checked, '1' hidden objects were found.

     Starting the file scan:

     Begin scan in 'C:'
     C:\
     ......enormous list....

     Beginning disinfection:
     C:\327882R2FWJFW\ nircmd.com
         [DETECTION] Contains recognition pattern of the APPL/NirCmd.3 application
         [NOTE] The file was moved to '4c0f779c.qua'!
     C:\MP3's\11806incoming\Buckcherry\ Buckcherry - Dead Again.wma
         [DETECTION] Is the TR/Dldr.Age.1171323 Trojan
         [NOTE] The file was moved to '4c0077a8.qua'!
     C:\MP3's\11806incoming\Buckcherry\ Buckcherry - Dirty Mind(1).wma
         [DETECTION] Is the TR/Dldr.Age.1171323 Trojan
         [NOTE] The file was moved to '48098c91.qua'!
     C:\MP3's\9-10-08 Incoming\ here we go again demi lovato.wma
         [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
         [NOTE] The file was moved to '4c0f7798.qua'!
     C:\MP3's\9-10-08 Incoming\ i want you to me ksm.wma
         [DETECTION] Is the TR/Dldr.WMA.Wimad.X Trojan
         [NOTE] The file was moved to '4c147754.qua'!
     C:\MP3's\Incomplete\ T-6472385-ksm-i want you to want me.mp3
         [DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
         [NOTE] The file was moved to '4bd37761.qua'!

     End of the scan: Sunday, March 14, 2010 19:54
     Used time: 1:48:06 Hour(s)

     The scan has been done completely.

     11306 Scanned directories
     253922 Files were scanned
     6 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     6 Files were moved to quarantine
     0 Files were renamed
     30 Files cannot be scanned
     253886 Files not concerned
     6947 Archives were scanned
     31 Warnings
     34 Notes
     447788 Objects were scanned with rootkit scan
     1 Hidden objects were found

     HijackThis log...my first time so if you want something diff or for me to use another function on it, let me know (this seems like a very short log compared to others I've read). I'm tempted to explore it, but will resist the urge..

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:51:25 AM, on 3/15/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\System32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\WINDOWS\System32\tcpsvcs.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\DAD\Application Data\Mozilla\Profiles\default\l4fizvyp.slt\prefs.js)
     N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\DAD\Application Data\Mozilla\Profiles\default\l4fizvyp.slt\prefs.js)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSCONFIG.EXE /auto
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\MP3 Player Utilities 5.07\AMVConverter\grab.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O15 - Trusted Zone: *.avsystemcare.com (HKLM)
     O15 - Trusted Zone: *.imageservr.com (HKLM)
     O15 - Trusted Zone: *.onerateld.com (HKLM)
     O15 - Trusted Zone: *.safetydownload.com (HKLM)
     O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
     O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
     O15 - Trusted Zone: *.virusschlacht.com (HKLM)
     O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1264638197609
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
     O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Network Client - Unknown owner - C:\WINDOWS\system32\netcom.exe (file missing)
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

     --
     End of file - 5182 bytes