WU8

Honorary Members
  • Posts

    45
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks so much for your help. Happy new year and take care!
  2. Okay, everything has been deleted/updated as instructed. No issues to report.
  3. Sorry, I haven't had a chance to follow your latest instruction yet, but I plan to in the next day or so. So please don't close the thread yet, I haven't bailed on it.
  4. Pretty smooth, actually. There's been no issues lately.
  5. I tried VirusTotal again and got the same result.... Only this time if I do a search for it nothing turns up.
  6. Malwarebytes' Anti-Malware
     www.malwarebytes.org

     Database version:

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     11/30/2011 6:50:09 PM
     mbam-log-2011-11-30 (18-50-09).txt

     Scan type: Quick scan
     Objects scanned: 173044
     Time elapsed: 3 minute(s), 56 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  7. ComboFix log attached, I was having trouble getting it to copy and paste.
  8. I successfully removed PC Speedscan Pro, but I am having an issue with the file you told me to upload to VirusTotal. If I click browse and follow the path to that file it doesn't show up. If I copy and paste the link and upload it nothing happens. And if I manually search in Windows this is the only thing that comes up.... HKLM-Run-iiovsVgraP.exe.reg in folder C:\Qoobox\Quarantine\Registry_backups. Did I do something wrong? I haven't run any scans or anything outside of your instruction, and the computer is off and unplugged unless I have new instructions. Could it have been part of PC speedscan or whatever? Would you like me to continue with combo fix and MBAM?
  9. The computer is running much better so far, but it still has something called PC SpeedScan Pro that pops up claiming it found like 85 errors. But the performance has definitely improved so far.
  10. Results of screen317's Security Check version 0.99.28
      Windows XP Service Pack 3 x86
      Internet Explorer 7 Out of date!
      ``````````````````````````````
      Antivirus/Firewall Check:
      Windows Firewall Enabled!
      ESET Online Scanner v3
      Antivirus out of date!
      ```````````````````````````````
      Anti-malware/Other Utilities Check:
      Malwarebytes' Anti-Malware
      ````````````````````````````````
      Process Check: objlist.exe by Laurent
      ``````````End of Log````````````
  11. ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=7.00.6000.17096 (vista_gdr.110211-1830)
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=1b69486686cbba4eb6060bb82ac23c48
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=false
      # antistealth_checked=true
      # utc_time=2011-11-19 04:28:45
      # local_time=2011-11-18 11:28:45 (-0500, Eastern Standard Time)
      # country="United States"
      # lang=9
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=1283 16774653 100 99 48529577 88931956 49495589 0
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=75391
      # found=10
      # cleaned=10
      # scan_time=4335
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cp3.jar-1b90bb29-2ebaedc0.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cp3.jar-33c90388-5e04a5a8.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\field.jar-3bc2bd4b-44ba82f5.zip  Java/Agent.DW trojan (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mario.jar-629a43da-422ae4de.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mario.jar-62c48a5e-4735d62d.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\rox.jar-3725b11e-6b6aa9f1.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\rox.jar-4f5df97d-56699795.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\serial.jar-64040d11-13336f6c.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\Documents and Settings\TOMMY HEILMAN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\serial.jar-7c3c5570-36c320dc.zip  multiple threats (deleted - quarantined)  00000000000000000000000000000000  C
      C:\WINDOWS\system32\AscConTest.dll  Win32/Adware.Ascentive application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
  12. .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 7.0.5730.13
      Run by TOMMY HEILMAN at 22:12:58 on 2011-11-13
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.534 [GMT -5:00]
      .
      AV: PeoplePC Internet Security Pack *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: PeoplePC Internet Security Pack *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\Program Files\PeoplePC\PeoplePC Internet Security Pack\avp.exe
      C:\Program Files\PeoplePC\ISP7300\Browser\Bartshel.exe
      C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
      svchost.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\PeoplePC\PeoplePC Internet Security Pack\avp.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\PeoplePC\ISP7300\Browser\PPShared.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\eHome\ehmsas.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://home.peoplepc.com/websearch
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
      BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\peoplepc, inc\toolbar\ElnkPub.dll
      BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
      BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
      BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
      BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\peoplepc, inc\toolbar\ProtctIE.dll
      BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
      BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\peoplepc, inc\toolbar\uninsttb.dll
      TB: PeoplePC Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\peoplepc, inc\toolbar\Toolbar.dll
      uRun: [Performance Center] c:\program files\ascentive\performance center\ApcMain.exe -m
      uRun: [PC SpeedScan Pro] c:\program files\ascentive\pc speedscan pro\PCSpeedScan.exe -m
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [ehTray] c:\windows\ehome\ehtray.exe
      mRun: [igfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [sigmatelSysTrayApp] stsystra.exe
      mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
      mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
      mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
      mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
      mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
      mRun: [HPHUPD05] c:\program files\hewlett-packard\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
      mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
      mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
      mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
      mRun: [bart Station] c:\program files\peoplepc\isp7300\bin\PPCOLink.exe -STATION
      mRun: [iiovsVgraP.exe] c:\documents and settings\all users\application data\iiovsVgraP.exe
      mRun: [AVP] "c:\program files\peoplepc\peoplepc internet security pack\avp.exe"
      StartupFolder: c:\docume~1\tommyh~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
      StartupFolder: c:\docume~1\tommyh~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      IE: PeoplePC Google Search - c:\program files\peoplepc, inc\toolbar\SearchUI.dll/search.html
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
      IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\peoplepc\peoplepc internet security pack\SCIEPlgn.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
      IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
      Trusted Zone: motorsport.com\www
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      TCP: DhcpNameServer = 10.0.0.1
      TCP: Interfaces\{AFC44BFD-24FB-487D-B843-F3C653FC5DE5} : DhcpNameServer = 10.0.0.1
      Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
      Notify: igfxcui - igfxdev.dll
      Notify: klogon - c:\windows\system32\klogon.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-4-16 112144]
      R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
      R2 AVP;PeoplePC Internet Security Pack;c:\program files\peoplepc\peoplepc internet security pack\avp.exe [2009-1-22 227856]
      R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
      R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
      .
      =============== Created Last 30 ================
      .
      2011-11-14 02:26:49  98816  ----a-w-  c:\windows\sed.exe
      2011-11-14 02:26:49  518144  ----a-w-  c:\windows\SWREG.exe
      2011-11-14 02:26:49  256000  ----a-w-  c:\windows\PEV.exe
      2011-11-14 02:26:49  208896  ----a-w-  c:\windows\MBR.exe
      2011-11-14 02:26:36  --------  d-----w-  C:\ComboFix
      2011-11-08 01:57:51  --------  d-sha-r-  C:\cmdcons
      2011-11-08 00:59:57  529340  ----a-w-  c:\windows\system32\PerfStringBackup.TMP
      .
      ==================== Find3M ====================
      .
      .
      ============= FINISH: 22:13:47.44 ===============
      attach.zip
  13. ComboFix 11-11-13.03 - TOMMY HEILMAN 11/13/2011 21:28:09.2.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.524 [GMT -5:00]
      Running from: C:\Documents and Settings\TOMMY HEILMAN\Desktop\ComboFix.exe
      Command switches used :: C:\Documents and Settings\TOMMY HEILMAN\Desktop\CFScript.txt
      AV: PeoplePC Internet Security Pack *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: PeoplePC Internet Security Pack *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Service_mqcbxme

      ((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))

      2011-11-08 00:59:57 . 2011-11-08 00:59:57  529340  ----a-w-  C:\WINDOWS\system32\PerfStringBackup.TMP
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PC SpeedScan Pro"="C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" [2009-09-04 16:10:54 2150400]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 19:01:14 67584]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 21:48:02 98304]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 21:50:10 86016]
      "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 21:47:00 81920]
      "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 15:20:00 282624]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 12:15:00 151552]
      "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 08:12:00 94208]
      "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 10:20:00 122940]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 21:50:42 221184]
      "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 21:50:18 81920]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 16:58:54 278528]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-02 01:06:40 155648]
      "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 07:21:22 176128]
      "HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 04:34:44 49152]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 19:18:56 241664]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 20:41:44 49152]
      "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 22:17:06 491520]
      "Bart Station"="C:\Program Files\PeoplePC\ISP7300\BIN\PPCOLink.exe" [2008-09-23 23:22:10 25944]
      "AVP"="C:\Program Files\PeoplePC\PeoplePC Internet Security Pack\avp.exe" [2009-01-22 21:08:02 227856]

      C:\Documents and Settings\TOMMY HEILMAN\Start Menu\Programs\Startup\
      Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-16 111376]
      Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-16 51984]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
      Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-11-15 24576]

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
      "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
      "C:\\Program Files\\America Online 9.0\\waol.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "53:UDP"= 53:UDP:Promo

      R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [12/13/2007 12:28:40 PM 24592]

      --- Other Services/Drivers In Memory ---

      *Deregistered* - NDISRD

      Contents of the 'Scheduled Tasks' folder

      2011-11-08 C:\WINDOWS\Tasks\HP Usg Daily.job
      - C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 04:35:06 . 2004-04-01 04:35:06]

      ------- Supplementary Scan -------

      uStart Page = hxxp://home.peoplepc.com/websearch
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      IE: PeoplePC Google Search - C:\Program Files\PeoplePC, Inc\Toolbar\SearchUI.dll/search.html
      Trusted Zone: motorsport.com\www
      TCP: DhcpNameServer = 10.0.0.1

      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-Performance Center - C:\Program Files\Ascentive\Performance Center\ApcMain.exe
      HKLM-Run-iiovsVgraP.exe - C:\Documents and Settings\All Users\Application Data\iiovsVgraP.exe

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-11-13 21:36:45
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(2440)
      C:\WINDOWS\system32\WININET.dll
      C:\WINDOWS\system32\msi.dll
      C:\WINDOWS\system32\ieframe.dll

      ------------------------ Other Running Processes ------------------------

      C:\WINDOWS\stsystra.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\PeoplePC\ISP7300\Browser\Bartshel.exe
      C:\PROGRA~1\PeoplePC\ISP7300\Browser\PPShared.exe
      C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\eHome\ehmsas.exe

      **************************************************************************

      Completion time: 2011-11-13 21:43:34 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-11-14 02:43:30

      Pre-Run: 139,292,909,568 bytes free
      Post-Run: 139,231,944,704 bytes free
  14. .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 7.0.5730.13
      Run by TOMMY HEILMAN at 22:10:05 on 2011-11-07
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.481 [GMT -5:00]
      .
      AV: PeoplePC Internet Security Pack *Enabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: PeoplePC Internet Security Pack *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\Program Files\PeoplePC\PeoplePC Internet Security Pack\avp.exe
      C:\Program Files\PeoplePC\ISP7300\Browser\Bartshel.exe
      C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\PeoplePC\ISP7300\Browser\PPShared.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
      svchost.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\PeoplePC\PeoplePC Internet Security Pack\avp.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      svchost.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://home.peoplepc.com/websearch
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
      BHO: ElnkPubBHO Class: {512acf1b-64d9-4928-b382-a80556f28db4} - c:\program files\peoplepc, inc\toolbar\ElnkPub.dll
      BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
      BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
      BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
      BHO: ElnkProtectionBHO Class: {9579d574-d4d8-4335-9560-fe8641a013bd} - c:\program files\peoplepc, inc\toolbar\ProtctIE.dll
      BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
      BHO: ElnkLegacyUninstBHO Class: {e713904c-df05-4c79-bbad-02db923253be} - c:\program files\peoplepc, inc\toolbar\uninsttb.dll
      TB: PeoplePC Toolbar: {c7768536-96f8-4001-b1a2-90ee21279187} - c:\program files\peoplepc, inc\toolbar\Toolbar.dll
      uRun: [Performance Center] c:\program files\ascentive\performance center\ApcMain.exe -m
      uRun: [PC SpeedScan Pro] c:\program files\ascentive\pc speedscan pro\PCSpeedScan.exe -m
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [ehTray] c:\windows\ehome\ehtray.exe
      mRun: [igfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [sigmatelSysTrayApp] stsystra.exe
      mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
      mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
      mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
      mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
      mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
      mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
      mRun: [HPHUPD05] c:\program files\hewlett-packard\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
      mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
      mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
      mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
      mRun: [bart Station] c:\program files\peoplepc\isp7300\bin\PPCOLink.exe -STATION
      mRun: [iiovsVgraP.exe] c:\documents and settings\all users\application data\iiovsVgraP.exe
      mRun: [AVP] "c:\program files\peoplepc\peoplepc internet security pack\avp.exe"
      StartupFolder: c:\docume~1\tommyh~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
      StartupFolder: c:\docume~1\tommyh~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      IE: PeoplePC Google Search - c:\program files\peoplepc, inc\toolbar\SearchUI.dll/search.html
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
      IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\peoplepc\peoplepc internet security pack\SCIEPlgn.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
      IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
      Trusted Zone: motorsport.com\www
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      TCP: DhcpNameServer = 10.0.0.1
      TCP: Interfaces\{AFC44BFD-24FB-487D-B843-F3C653FC5DE5} : DhcpNameServer = 10.0.0.1
      Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
      Notify: igfxcui - igfxdev.dll
      Notify: klogon - c:\windows\system32\klogon.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-4-16 112144]
      R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
      R2 AVP;PeoplePC Internet Security Pack;c:\program files\peoplepc\peoplepc internet security pack\avp.exe [2009-1-22 227856]
      R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
      R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
      S0 mqcbxme;mqcbxme;c:\windows\system32\drivers\tkcmafrv.sys --> c:\windows\system32\drivers\tkcmafrv.sys [?]
      .
      =============== Created Last 30 ================
      .
      2011-11-08 01:57:51  --------  d-sha-r-  C:\cmdcons
      2011-11-08 01:54:04  98816  ----a-w-  c:\windows\sed.exe
      2011-11-08 01:54:04  518144  ----a-w-  c:\windows\SWREG.exe
      2011-11-08 01:54:04  256000  ----a-w-  c:\windows\PEV.exe
      2011-11-08 01:54:04  208896  ----a-w-  c:\windows\MBR.exe
      2011-11-08 01:53:47  --------  d-----w-  C:\ComboFix
      2011-11-08 00:59:57  529340  ----a-w-  c:\windows\system32\PerfStringBackup.TMP
      .
      ==================== Find3M ====================
      .
      .
      ============= FINISH: 22:12:00.46 ===============
      attach.zip