mofuwalters

Everything posted by mofuwalters

  1. it's doing great, I guess the cookies thing scared me because McAfee was put on some kind of high alerted state. there's been no redirects thank you so much!!!
  2. Kaspersky didn't find anything and neither did F-Secure. I'm still showing advertisement cookies blocked on McAfee. are there any other scans I can do?
  3. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/9/2010 8:39:38 AM mbam-log-2010-07-09 (08-39-38).txt Scan type: Quick scan Objects scanned: 125214 Time elapsed: 13 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) ComboFix 10-07-06.05 - joey walters 07/09/2010 4:53.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.514 [GMT -7:00] Running from: c:\documents and settings\joey walters\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\joey walters\Desktop\CFscript.txt AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe" "c:\windows\system32\autochk(10).exe" "c:\windows\system32\autochk(3).exe" "c:\windows\system32\autochk(4).exe" "c:\windows\system32\autochk(6).exe" "c:\windows\system32\autochk(7).exe" "c:\windows\system32\autochk(8).exe" "c:\windows\system32\autochk(9).exe" "c:\windows\system32\drivers\sptd.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\autochk(10).exe c:\windows\system32\autochk(3).exe c:\windows\system32\autochk(4).exe c:\windows\system32\autochk(6).exe c:\windows\system32\autochk(7).exe c:\windows\system32\autochk(8).exe c:\windows\system32\autochk(9).exe c:\windows\system32\drivers\sptd.sys . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SPTD -------\Service_sptd ((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 ))))))))))))))))))))))))))))))) . 2010-07-07 18:05 . 2010-07-09 12:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2010-07-05 19:29 . 2010-07-05 19:29 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Roxio Shared 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Research In Motion 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Hewlett-Packard 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\HP 2010-07-05 19:27 . 2010-07-05 19:27 -------- d-----w- c:\program files\Common Files\Java 2010-06-30 23:06 . 2010-06-30 23:06 -------- d-----w- c:\program files\Ant.com 2010-06-30 04:18 . 2010-07-05 19:27 -------- d-----w- c:\program files\ESET(2) 2010-06-30 04:06 . 2010-07-05 19:27 -------- d-----w- C:\RECYCLER(2) 2010-06-30 04:06 . 2010-07-05 19:27 -------- d-----w- c:\program files\Common Files\Java(2) 2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-09 12:19 . 2009-08-12 04:46 57752 ----a-w- c:\windows\system32\rpcnet.dll 2010-07-09 12:18 . 2009-12-21 00:35 191672 ----a-w- c:\windows\system32\drivers\sthdae.log 2010-07-09 09:34 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\vlc 2010-07-09 09:23 . 
2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\dvdcss 2010-07-09 06:19 . 2009-08-08 08:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2010-07-05 19:28 . 2010-05-05 11:58 -------- d-----w- c:\documents and settings\joey walters\Application Data\Research In Motion 2010-07-01 16:51 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2010-07-01 11:26 . 2009-08-30 03:36 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-29 21:45 . 2010-01-15 04:21 -------- d-----w- c:\program files\Research In Motion 2010-06-27 22:07 . 2010-02-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-27 18:40 . 2009-08-22 05:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-04-27 18:40 . 2009-08-22 05:42 133616 ------w- c:\windows\system32\pxafs.dll 2010-04-27 18:40 . 2009-08-22 05:42 126448 -c----w- c:\windows\system32\pxinsi64.exe 2010-04-27 18:40 . 2009-08-22 05:42 123888 -c----w- c:\windows\system32\pxcpyi64.exe 2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2009-10-14 13:48 . 2010-02-25 02:01 524288 ----a-w- c:\program files\Sakura.dll 2009-10-14 13:29 . 2010-02-25 02:01 532480 ----a-w- c:\program files\Sawer.dll 2009-10-14 13:13 . 2010-02-25 02:01 499712 ----a-w- c:\program files\PoiZone.dll 2009-10-14 13:09 . 2010-02-25 02:02 671744 ----a-w- c:\program files\Toxic Biohazard.dll 2009-09-26 14:14 . 2010-02-25 02:01 512000 ----a-w- c:\program files\Hardcore.dll 2009-05-29 12:02 . 2009-05-29 12:02 818176 ----a-w- c:\program files\FL Studio VSTi.dll 2009-05-29 12:01 . 2009-05-29 12:01 818176 ----a-w- c:\program files\FL Studio VSTi (Multi).dll . ((((((((((((((((((((((((((((( SnapShot@2010-07-08_11.04.38 ))))))))))))))))))))))))))))))))))))))))) . - 2004-08-04 10:00 . 2010-07-08 10:14 67714 c:\windows\system32\perfc009.dat + 2004-08-04 10:00 . 
2010-07-09 11:41 67714 c:\windows\system32\perfc009.dat + 2004-08-04 10:00 . 2010-07-09 11:41 432924 c:\windows\system32\perfh009.dat - 2004-08-04 10:00 . 2010-07-08 10:14 432924 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\joey walters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "IDTSysTrayApp"="sttray.exe" [2007-09-06 405504] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-11 136512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536] c:\documents and settings\joey walters\Start Menu\Programs\Startup\ 
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/12/2009 2:47 PM 67904] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2009 2:47 PM 64432] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [8/10/2009 1:12 PM 367616] S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [8/10/2009 1:12 PM 18944] S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [8/10/2009 1:12 PM 33792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore FF - ProfilePath - c:\documents and settings\joey walters\Application Data\Mozilla\Firefox\Profiles\9c5mt8ab.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-09 05:21 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
  4. the antivirus software warning is still showing up. I disabled all the processes in mctray and it still comes up. when I try to run combofix /u it always just does a scan.
  5. it says "G:\SPTDinst-v169-x86.exe" is not a valid Win32 application. I downloaded the other version to check and it said the same thing.
  6. I don't have a firewall, how can I download Microsoft recovery? and if it never was on the desktop in the first place do I have to move it there to uninstall it?
  7. ComboFix 10-07-06.05 - joey walters 07/07/2010 6:29.1.2 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.792 [GMT -7:00] Running from: G:\ComboFix.exe Command switches used :: g:\docs\CFscript.txt.txt AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: "c:\windows\system32\rpcnetp.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\rpcnetp.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FAD -------\Legacy_RPCNETP -------\Legacy_XPROTECTOR -------\Service_rpcnetp ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 ))))))))))))))))))))))))))))))) . 2010-07-05 19:29 . 2010-07-05 19:29 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-07 10:08 . 2009-08-12 04:46 57752 ----a-w- c:\windows\system32\rpcnet.dll 2010-07-07 10:07 . 2009-12-21 00:35 189732 ----a-w- c:\windows\system32\drivers\sthdae.log 2010-07-07 06:29 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\vlc 2010-07-05 19:29 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\dvdcss 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Roxio Shared 2010-07-05 19:28 . 
2010-05-05 11:58 -------- d-----w- c:\documents and settings\joey walters\Application Data\Research In Motion 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Research In Motion 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Hewlett-Packard 2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\HP 2010-07-05 19:27 . 2010-07-05 19:27 -------- d-----w- c:\program files\Common Files\Java 2010-07-05 19:27 . 2010-06-30 04:06 -------- d-----w- c:\program files\Common Files\Java(2) 2010-07-05 19:27 . 2010-06-30 04:18 -------- d-----w- c:\program files\ESET(2) 2010-07-01 16:51 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2010-07-01 11:26 . 2009-08-30 03:36 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-30 23:06 . 2010-06-30 23:06 -------- d-----w- c:\program files\Ant.com 2010-06-29 21:45 . 2010-01-15 04:21 -------- d-----w- c:\program files\Research In Motion 2010-06-27 22:07 . 2010-02-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-26 23:08 . 2009-08-08 08:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-27 18:40 . 2009-08-22 05:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-04-27 18:40 . 2009-08-22 05:42 133616 ------w- c:\windows\system32\pxafs.dll 2010-04-27 18:40 . 2009-08-22 05:42 126448 -c----w- c:\windows\system32\pxinsi64.exe 2010-04-27 18:40 . 2009-08-22 05:42 123888 -c----w- c:\windows\system32\pxcpyi64.exe 2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-08 18:40 . 2010-04-08 18:40 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe 2009-10-14 13:48 . 2010-02-25 02:01 524288 ----a-w- c:\program files\Sakura.dll 2009-10-14 13:29 . 
2010-02-25 02:01 532480 ----a-w- c:\program files\Sawer.dll 2009-10-14 13:13 . 2010-02-25 02:01 499712 ----a-w- c:\program files\PoiZone.dll 2009-10-14 13:09 . 2010-02-25 02:02 671744 ----a-w- c:\program files\Toxic Biohazard.dll 2009-09-26 14:14 . 2010-02-25 02:01 512000 ----a-w- c:\program files\Hardcore.dll 2009-05-29 12:02 . 2009-05-29 12:02 818176 ----a-w- c:\program files\FL Studio VSTi.dll 2009-05-29 12:01 . 2009-05-29 12:01 818176 ----a-w- c:\program files\FL Studio VSTi (Multi).dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "bhrtsbtr"="c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe" [bU] "Google Update"="c:\documents and settings\joey walters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 136176] "AlcoholAutomount"="e:\alcohol 120\axcmd.exe" [bU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "IDTSysTrayApp"="sttray.exe" [2007-09-06 405504] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608] "McAfeeUpdaterUI"="c:\program 
files\McAfee\Common Framework\udaterui.exe" [2008-11-11 136512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536] "bhrtsbtr"="c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe" [bU] c:\documents and settings\joey walters\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "Midi1"=ma_cmidn.dll "Midi2"=xgusb.cpl [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/12/2009 2:47 PM 67904] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2009 2:47 PM 64432] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [8/10/2009 1:12 PM 367616] S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [8/10/2009 1:12 PM 18944] S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [8/10/2009 1:12 PM 33792] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/6/2009 3:55 PM 721904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore FF - ProfilePath - c:\documents and settings\joey walters\Application Data\Mozilla\Firefox\Profiles\9c5mt8ab.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js 
- pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Aim6 - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-07 06:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\autochk(10).exe:BAK 22528 bytes executable c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable c:\windows\system32\autochk(7).exe:BAK 22528 bytes executable c:\windows\system32\autochk(8).exe:BAK 22528 bytes executable c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable scan completed successfully hidden files: 7 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
  8. I bet if I started cursing someone would respond to this post. I can't run anything on this computer, I NEED IMMEDIATE ASSISTANCE!!!!!!
  9. my firewall went down last night. I don't know what I'm doing anymore. I've lost confidence in my computing skills.
  10. I just reset IE and used the ATFCleaner and it deleted 223.25mb of stuff! I used it yesterday and it only deleted 17. so far I haven't had any redirects, or pop-ups. mctray hasn't popped up yet either.
  11. here is the combofix log from when it worked the second time ComboFix 10-06-29.02 - joey walters 06/29/2010 15:20:04.1.2 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.827 [GMT -7:00] Running from: c:\documents and settings\joey walters\Desktop\ComboFix.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK c:\windows\system32\drivers\DELL_XPS_MP061 .MRK . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FAD -------\Legacy_XPROTECTOR ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 ))))))))))))))))))))))))))))))) . 2010-06-29 21:43 . 2010-06-29 21:43 -------- d-----w- c:\windows\LastGood 2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-06-27 22:07 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-27 22:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-27 14:28 . 2010-06-27 14:28 -------- d-----w- c:\documents and settings\joey walters\Local Settings\Application Data\WMTools Downloaded Files 2010-06-27 00:25 . 2010-06-27 00:25 388096 ----a-r- c:\documents and settings\joey walters\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-29 22:37 . 2009-08-08 00:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2010-06-29 21:45 . 2010-05-05 11:58 -------- d-----w- c:\documents and settings\joey walters\Application Data\Research In Motion 2010-06-29 21:45 . 
2010-01-15 04:21 -------- d-----w- c:\program files\Research In Motion 2010-06-29 20:26 . 2009-08-12 04:46 57752 ----a-w- c:\windows\system32\rpcnet.dll 2010-06-29 20:26 . 2009-12-21 00:35 183136 ----a-w- c:\windows\system32\drivers\sthdae.log 2010-06-29 15:00 . 2009-08-08 08:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2010-06-28 17:35 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\vlc 2010-06-28 17:13 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\dvdcss 2010-06-27 22:07 . 2010-02-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-27 00:55 . 2010-02-14 03:14 13160 ----a-w- c:\windows\system32\Upgrd.exe 2010-06-27 00:55 . 2009-08-12 04:46 57752 ------w- c:\windows\system32\rpcnet.exe 2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-27 18:40 . 2009-08-22 05:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-04-27 18:40 . 2009-08-22 05:42 133616 ------w- c:\windows\system32\pxafs.dll 2010-04-27 18:40 . 2009-08-22 05:42 126448 -c----w- c:\windows\system32\pxinsi64.exe 2010-04-27 18:40 . 2009-08-22 05:42 123888 -c----w- c:\windows\system32\pxcpyi64.exe 2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-08 18:40 . 2010-04-08 18:40 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe 2010-04-01 02:34 . 2009-08-10 18:47 18496 ----a-w- c:\documents and settings\joey walters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-14 13:48 . 2010-02-25 02:01 524288 ----a-w- c:\program files\Sakura.dll 2009-10-14 13:29 . 2010-02-25 02:01 532480 ----a-w- c:\program files\Sawer.dll 2009-10-14 13:13 . 2010-02-25 02:01 499712 ----a-w- c:\program files\PoiZone.dll 2009-10-14 13:09 . 2010-02-25 02:02 671744 ----a-w- c:\program files\Toxic Biohazard.dll 2009-09-26 14:14 . 
2010-02-25 02:01 512000 ----a-w- c:\program files\Hardcore.dll 2009-05-29 12:02 . 2009-05-29 12:02 818176 ----a-w- c:\program files\FL Studio VSTi.dll 2009-05-29 12:01 . 2009-05-29 12:01 818176 ----a-w- c:\program files\FL Studio VSTi (Multi).dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "IDTSysTrayApp"="sttray.exe" [2007-09-06 405504] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-11 136512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] c:\documents and settings\joey walters\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\drivers32] "Midi1"=ma_cmidn.dll "Midi2"=xgusb.cpl [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/12/2009 2:47 PM 67904] S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [8/7/2009 5:24 PM 17408] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2009 2:47 PM 64432] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [8/10/2009 1:12 PM 367616] S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [8/10/2009 1:12 PM 18944] S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [8/10/2009 1:12 PM 33792] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/6/2009 3:55 PM 721904] --- Other Services/Drivers In Memory --- *NewlyCreated* - RPCNETP [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:1033 uInternet Settings,ProxyOverride = <local> FF - ProfilePath - c:\documents and settings\joey walters\Application Data\Mozilla\Firefox\Profiles\9c5mt8ab.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=iw FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-bhrtsbtr - c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe
HKCU-Run-AlcoholAutomount - e:\alcohol 120\axcmd.exe
HKLM-Run-bhrtsbtr - c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe
AddRemove-MagicDisc 2.7.106 - e:\progra~1\MAGICD~1\UNWISE.EXE
AddRemove-ProInst - c:\windows\Installer\iProInst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 16:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
  12. Alright, ima go ahead and say that I used combofix to delete these two files:
C:\DOCUME~1\JOEYWA~1\LOCALS~1\Temp\WERf203.dir00\svchost.exe.mdmp
C:\DOCUME~1\JOEYWA~1\LOCALS~1\Temp\WERf203.dir00\appcompat.txt
I have the log from combofix but I don't know how to post it up. Here's a recent Hijack.txt
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:00 PM, on 6/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1033
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ant.com Toolbars browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1256273138421
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - E:\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
--
End of file - 8794 bytes
  13. I'm new here but I've been having a problem with the trojan that's using my computer as a spambot, idk what to do.
