Jump to content

SLIPPY1175

Honorary Members
 View Profile  See their activity

  • Posts

    45

  • Joined

  • Last visited

 Content Type 

Everything posted by SLIPPY1175

  1. SLIPPY1175
    well i had to install skype today and uninstall aim 6 then reinstall it (my dad needed to for his job) i also uninstalled aol messenger and when u say: "Yeah you should be worried.." what should i be worried about, im really scared if there is something more to my problem also, how would i get reinfected with limewire because i only download very small file sizes from it i really would prefer keeping limewire pro but is it a must to delete it?
  2. SLIPPY1175
    MBAM scan, it found some stuff??? Malwarebytes' Anti-Malware 1.28 Database version: 1182 Windows 5.1.2600 Service Pack 2 9/20/2008 4:58:23 PM mbam-log-2008-09-20 (16-58-23).txt Scan type: Quick Scan Objects scanned: 57527 Time elapsed: 14 minute(s), 14 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe (PuP.MadCode) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\httpanalyzer dllinjectservice (PuP.MadCode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\httpanalyzer dllinjectservice (PuP.MadCode) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\httpanalyzer dllinjectservice (PuP.MadCode) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe (PuP.MadCode) -> Quarantined and deleted successfully. C:\Documents and Settings\Habte Mesfin\Local Settings\Temp\.tt45.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully. Hijack This: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:59:32 PM, on 9/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Zone Labs\Integrity Client\iclient.exe C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\NETGEAR GA311 Adapter\GA311.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe (User '?') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10g\bin\nmesrvc.exe O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\oracle\product\10g\Bin\extjob.exe O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10g\bin\isqlplussvc.exe O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10g\BIN\TNSLSNR.exe O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10g\bin\ORACLE.EXE O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10097 bytes should i be worried about this: O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe i cant find that file or folder anywhere
  3. SLIPPY1175
    ok thanks,, and if it helps everything is running fine, that includes no problems opening firefox or itunes, my internet runs fine and i cant seem to find a problem with the computer, anyways, thank you very much
  4. SLIPPY1175
    Mbam Scan: Malwarebytes' Anti-Malware 1.28 Database version: 1166 Windows 5.1.2600 Service Pack 2 9/17/2008 3:33:38 PM mbam-log-2008-09-17 (15-33-38).txt Scan type: Quick Scan Objects scanned: 57181 Time elapsed: 14 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hijack This: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:37:55 PM, on 9/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\Integrity Client\iclient.exe C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\NETGEAR GA311 Adapter\GA311.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe (User '?') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10g\bin\nmesrvc.exe O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\oracle\product\10g\Bin\extjob.exe O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10g\bin\isqlplussvc.exe O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10g\BIN\TNSLSNR.exe O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10g\bin\ORACLE.EXE O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10428 bytes the file is attached and again thanks for your help i will be on tomorrow or later today to seek a reply InjectWinSockServiceV2.zip InjectWinSockServiceV2.zip
  5. SLIPPY1175
    when i uploaded that file it says finish but it doesn't tell me if its malware or not? also it wont let me attach the file, it says "you are not permitted to upload that kind of file" anyways here is what it said: File InjectWinSockServiceV2.exe received on 09.14.2008 00:53:04 (CET) Current status: Finished Result: 1/36 (2.78%) Antivirus Version Last Update Result AhnLab V32008.9.13.0 2008.09.12 - AntiVir 7.8.1.28 2008.09.12 - Authentium 5.1.0.4 2008.09.13 - Avast 4.8.1195.0 2008.09.13 - AVG 8.0.0.161 2008.09.13 - BitDefender 7.2 2008.09.14 - CAT-QuickHeal 9.50 2008.09.13 - ClamAV 0.93.1 2008.09.13 - DrWeb 4.44.0.09170 2008.09.14 - eSafe 7.0.17.0 2008.09.11 - eTrust-Vet 31.6.6087 2008.09.12 - Ewido 4.0 2008.09.13 - F-Prot 4.4.4.56 2008.09.12 - F-Secure 8.0.14332.0 2008.09.13 - Fortinet 3.113.0.0 2008.09.13 - GData 19 2008.09.13 - Ikarus T3.1.1.34.0 2008.09.13 - K7AntiVirus 7.10.454 2008.09.13 - Kaspersky 7.0.0.125 2008.09.14 - McAfee 5383 2008.09.12 - Microsoft 1.3903 2008.09.14 - NOD32v2 3440 2008.09.13 - Norman 5.80.02 2008.09.12 - Panda 9.0.0.4 2008.09.13 - PCTools 4.4.2.0 2008.09.13 - Prevx1 V2 2008.09.14 - Rising 20.61.42.00 2008.09.12 - Sophos 4.33.0 2008.09.13 Sus/Madcode-A Sunbelt 3.1.1633.1 2008.09.13 - Symantec 10 2008.09.13 - TheHacker 6.3.0.9.082 2008.09.14 - TrendMicro 8.700.0.1004 2008.09.12 - VBA32 3.12.8.5 2008.09.13 - ViRobot 2008.9.12.1375 2008.09.12 - VirusBuster 4.5.11.0 2008.09.13 - Webwasher- Gateway6.6.2 2008.09.13 - Also, when i look in the folder their isn't a file called InjectWinSockServiceV2.exe, there is only a file called InjectWinSockServiceV2, there is no .exe at the end and all i know about it is that its an application so what should i do??
  6. SLIPPY1175
    i dont have a clue what that is??? internet explorer inspector maybe? what should i do with it, if i delete it will it mess up the computer?
  7. SLIPPY1175
    just an update my computer is running fine and the only problem i can notice is that when i double click on an application like itunes or firefox it takes a little bit longer then usual to open but another than that its fine ill be back on tomorrow to check for replies
  8. SLIPPY1175
    Ok, i will download foxit later on ,i never use pdf files anyways so ill do that later anyways here are my new logs after fixing the selected files with hijackthis MBAM: Malwarebytes' Anti-Malware 1.26 Database version: 1120 Windows 5.1.2600 Service Pack 2 9/6/2008 8:44:02 PM mbam-log-2008-09-06 (20-44-02).txt Scan type: Quick Scan Objects scanned: 55685 Time elapsed: 12 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hijack This: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:44:50 PM, on 9/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\Integrity Client\iclient.exe C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NETGEAR GA311 Adapter\GA311.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe (User '?') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10g\bin\nmesrvc.exe O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\oracle\product\10g\Bin\extjob.exe O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10g\bin\isqlplussvc.exe O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10g\BIN\TNSLSNR.exe O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10g\bin\ORACLE.EXE O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 10394 bytes
  9. SLIPPY1175
    I found the Smart Antivirus 09 folder and deleted it but not the 08 one Good News: for some reason antivirus doesn't pop up anymore when i log in and the process is gone the only problem i can find is it takes a little longer to start up Mozilla Firefox then usual My internet Explorer is broken, whenever i click on it it automatically takes me to SmartAntiVirus2009 buy.com so really my computer is fine but i still want to see if there are any more problems so even though i didnt find the folder you told me to find but i am still posting new scans: New MBAM: Malwarebytes' Anti-Malware 1.26 Database version: 1118 Windows 5.1.2600 Service Pack 2 9/5/2008 4:06:12 PM mbam-log-2008-09-05 (16-06-12).txt Scan type: Quick Scan Objects scanned: 33362 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\smart antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smart antivirus-2009.exe (Rogue.SmartAntivirus) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://smart-antivirus2009buy.com/buy.php?aff=1005) Good: (http://www.google.com/) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) New HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:12:43 PM, on 9/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\Integrity Client\iclient.exe C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NETGEAR GA311 Adapter\GA311.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Program Files\QdrDrive\QdrDrive20.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe (User '?') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe O23 - Service: OracleDBConsoleinfra - Unknown owner - C:\oracle\product\infra\bin\nmesrvc.exe (file missing) O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10g\bin\nmesrvc.exe O23 - Service: OracleDBConsoletest - Unknown owner - C:\oracle\product\10.2.0\10g\bin\nmesrvc.exe (file missing) O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\oracle\product\10g\Bin\extjob.exe O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10g\bin\isqlplussvc.exe O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10g\BIN\TNSLSNR.exe O23 - Service: OracleOraDb10g_home2iSQL*Plus - Unknown owner - C:\oracle\products\10.2.0\db_2\bin\isqlplussvc.exe (file missing) O23 - Service: OracleOraDb10g_home2TNSListener - Unknown owner - C:\oracle\products\10.2.0\db_2\BIN\TNSLSNR.exe (file missing) O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10g\bin\ORACLE.EXE O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11258 bytes
  10. SLIPPY1175
    what is windows explorer?? i will just try to find them manually in safe mode, P.S. i already have "hide hidden folders" unchecked and "hide protected operating system files(recommended)" is unchecked
  11. SLIPPY1175
    BTW, i couldnt do the panda scan because i dont use internet explorer my internet explorer is f***ed up so hope this enough thank you in advance for any help
  12. SLIPPY1175
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:05:22 PM, on 9/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\Integrity Client\iclient.exe C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\NETGEAR GA311 Adapter\GA311.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smart-antivirus2009buy.com/buy.php?aff=1005 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: 138.1.148.133 hmesfinsun.us.oracle.com hmesfinsun O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: DrFlex IE Helper - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - C:\Program Files\QdrDrive\QdrDrive20.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe" O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [sbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\suspatch.exe /S /CHECK O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKCU\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe O4 - HKCU\..\Run: [smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [NetscapeConfig] C:\WINDOWS\orclobi\config\DTC121~1.EXE /NEWUSER (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe (User '?') O4 - HKUS\S-1-5-21-1078081533-412668190-682003330-1006\..\Run: [smart Antivirus-2009.exe] C:\Program Files\Smart Antivirus 2009\Smart Antivirus-2009.exe (User '?') O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V2 - {85F4A88D-5FA7-40BB-8BD3-AF7E24C0BF4A} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26291336b09b14...ip/RdxIE601.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://hmesfinsun.us.oracle.com:8001/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) - http://bde-linux3.us.oracle.com:8000/jinitiator/oajinit.exe O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://fusion12.us.oracle.com:8000/jinitiator/oajinit.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HttpAnalyzer CodeHook service (HttpAnalyzer DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerFullV2\InjectWinSockServiceV2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe O23 - Service: OracleDBConsoleinfra - Unknown owner - C:\oracle\product\infra\bin\nmesrvc.exe (file missing) O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10g\bin\nmesrvc.exe O23 - Service: OracleDBConsoletest - Unknown owner - C:\oracle\product\10.2.0\10g\bin\nmesrvc.exe (file missing) O23 - Service: OracleJobSchedulerORCL - Unknown owner - c:\oracle\product\10g\Bin\extjob.exe O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10g\bin\isqlplussvc.exe O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10g\BIN\TNSLSNR.exe O23 - Service: OracleOraDb10g_home2iSQL*Plus - Unknown owner - C:\oracle\products\10.2.0\db_2\bin\isqlplussvc.exe (file missing) O23 - Service: OracleOraDb10g_home2TNSListener - Unknown owner - C:\oracle\products\10.2.0\db_2\BIN\TNSLSNR.exe (file missing) O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10g\bin\ORACLE.EXE O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11616 bytes
  13. SLIPPY1175
    Malwarebytes' Anti-Malware 1.26 Database version: 1113 Windows 5.1.2600 Service Pack 2 9/4/2008 3:02:24 PM mbam-log-2008-09-04 (15-02-24).txt Scan type: Quick Scan Objects scanned: 53559 Time elapsed: 9 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  14. SLIPPY1175
    ok ,i got infected with antivirus 2009 smart i scanned with malwarebytes and it comes up with nothing nothing on my computer is messed up except whenever i log in antivirus 2009 pops up but i just end its process and its done also spybot says it searches through virtumonde but it doesn't mark it as an infection any ways my malwarebytes scan will be up in next post then panda active scan
  15. SLIPPY1175
    hey so i have to head out of town for a couple of days and this panda scan is still not done, o i am going to have to cancel the scan and re do it in about 2 or 3 days then after that i will post the hijacked scan, so i will reply back asap
  16. SLIPPY1175
    i dont know if this is my computer or what but as i post this the panda scan is STILL scanning and its taking forever!!!! should i cancel it and restart it or just wait??? also, it is just staying at 30% the "files scanned" number is going up but it still stays at 30% thanks in advance
  17. SLIPPY1175
    This is my MBAM log: Malwarebytes' Anti-Malware 1.26 Database version: 1104 Windows 5.1.2600 Service Pack 2 9/2/2008 4:28:21 PM mbam-log-2008-09-02 (16-28-21).txt Scan type: Quick Scan Objects scanned: 53848 Time elapsed: 6 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) next log coming up is the panda one, just give me some time, im busy at the moment
  18. SLIPPY1175
    thank you so much guys i got rid of it there was a new update today of malwarebytes so i updated it then i scanned it and it got rid of the google and yahoo analitic checks so then i downloaded superanti spyware and that found some other stuff so now i dont have anything wrong with my computer, everything runs fine, thank you guys so much, this wasn't even my computer thats why i was so scared but one more question, do you think there are any hidden trojans that malwarebytes and superantispyware picked up that i dont know about, like ones that will steal my identity or something??
  19. SLIPPY1175
    so about a month ago i got infected with <b>Xp Antivirus</b> and i downloaded malwarebytes and it got rid of everything and my computer ran fine so today i try to download a program and i get <b>Antivirus 2008</b>. so i figure i will just use malwarebytes to get rid of it again but this time it doesn't get rid of everthing what it did get rid of: Antivirus Popping up every time i log in the background the shortcut and program of antivirus 2008 What still needs to be fixed; when i go to google i cant click on links without being re-directed cant go to malwarebytes.org, or superantispyware.com, so it basically blocks some sites cant see the C:/ drive someone please help me fix this problem!!!! p.s.- i have tried updating malwarebytes then scanning but it still found nothing and i cant download superantispyware because it blocks the site and i cant find an alternative
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.