mofuwalters
Everything posted by mofuwalters
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2010 8:39:38 AM
mbam-log-2010-07-09 (08-39-38).txt

Scan type: Quick scan
Objects scanned: 125214
Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

ComboFix 10-07-06.05 - joey walters 07/09/2010 4:53.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.514 [GMT -7:00]
Running from: c:\documents and settings\joey walters\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\joey walters\Desktop\CFscript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe"
"c:\windows\system32\autochk(10).exe"
"c:\windows\system32\autochk(3).exe"
"c:\windows\system32\autochk(4).exe"
"c:\windows\system32\autochk(6).exe"
"c:\windows\system32\autochk(7).exe"
"c:\windows\system32\autochk(8).exe"
"c:\windows\system32\autochk(9).exe"
"c:\windows\system32\drivers\sptd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\autochk(10).exe
c:\windows\system32\autochk(3).exe
c:\windows\system32\autochk(4).exe
c:\windows\system32\autochk(6).exe
c:\windows\system32\autochk(7).exe
c:\windows\system32\autochk(8).exe
c:\windows\system32\autochk(9).exe
c:\windows\system32\drivers\sptd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPTD
-------\Service_sptd


((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-07 18:05 . 2010-07-09 12:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-07-05 19:29 . 2010-07-05 19:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\HP
2010-07-05 19:27 . 2010-07-05 19:27 -------- d-----w- c:\program files\Common Files\Java
2010-06-30 23:06 . 2010-06-30 23:06 -------- d-----w- c:\program files\Ant.com
2010-06-30 04:18 . 2010-07-05 19:27 -------- d-----w- c:\program files\ESET(2)
2010-06-30 04:06 . 2010-07-05 19:27 -------- d-----w- C:\RECYCLER(2)
2010-06-30 04:06 . 2010-07-05 19:27 -------- d-----w- c:\program files\Common Files\Java(2)
2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 12:19 . 2009-08-12 04:46 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-09 12:18 . 2009-12-21 00:35 191672 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-07-09 09:34 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\vlc
2010-07-09 09:23 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\dvdcss
2010-07-09 06:19 . 2009-08-08 08:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-07-05 19:28 . 2010-05-05 11:58 -------- d-----w- c:\documents and settings\joey walters\Application Data\Research In Motion
2010-07-01 16:51 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-01 11:26 . 2009-08-30 03:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-29 21:45 . 2010-01-15 04:21 -------- d-----w- c:\program files\Research In Motion
2010-06-27 22:07 . 2010-02-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2009-08-22 05:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2009-08-22 05:42 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2009-08-22 05:42 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2009-08-22 05:42 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-10-14 13:48 . 2010-02-25 02:01 524288 ----a-w- c:\program files\Sakura.dll
2009-10-14 13:29 . 2010-02-25 02:01 532480 ----a-w- c:\program files\Sawer.dll
2009-10-14 13:13 . 2010-02-25 02:01 499712 ----a-w- c:\program files\PoiZone.dll
2009-10-14 13:09 . 2010-02-25 02:02 671744 ----a-w- c:\program files\Toxic Biohazard.dll
2009-09-26 14:14 . 2010-02-25 02:01 512000 ----a-w- c:\program files\Hardcore.dll
2009-05-29 12:02 . 2009-05-29 12:02 818176 ----a-w- c:\program files\FL Studio VSTi.dll
2009-05-29 12:01 . 2009-05-29 12:01 818176 ----a-w- c:\program files\FL Studio VSTi (Multi).dll

.
((((((((((((((((((((((((((((( SnapShot@2010-07-08_11.04.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2010-07-08 10:14 67714 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-07-09 11:41 67714 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2010-07-09 11:41 432924 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2010-07-08 10:14 432924 c:\windows\system32\perfh009.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\joey walters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-11 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]

c:\documents and settings\joey walters\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/12/2009 2:47 PM 67904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2009 2:47 PM 64432]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [8/10/2009 1:12 PM 367616]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [8/10/2009 1:12 PM 18944]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [8/10/2009 1:12 PM 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\joey walters\Application Data\Mozilla\Firefox\Profiles\9c5mt8ab.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 05:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
-
ComboFix 10-07-06.05 - joey walters 07/07/2010 6:29.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.792 [GMT -7:00]
Running from: G:\ComboFix.exe
Command switches used :: g:\docs\CFscript.txt.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\rpcnetp.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rpcnetp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_RPCNETP
-------\Legacy_XPROTECTOR
-------\Service_rpcnetp


((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-05 19:29 . 2010-07-05 19:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 10:08 . 2009-08-12 04:46 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-07-07 10:07 . 2009-12-21 00:35 189732 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-07-07 06:29 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\vlc
2010-07-05 19:29 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\dvdcss
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-05 19:28 . 2010-05-05 11:58 -------- d-----w- c:\documents and settings\joey walters\Application Data\Research In Motion
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-05 19:28 . 2010-07-05 19:28 -------- d-----w- c:\program files\Common Files\HP
2010-07-05 19:27 . 2010-07-05 19:27 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 19:27 . 2010-06-30 04:06 -------- d-----w- c:\program files\Common Files\Java(2)
2010-07-05 19:27 . 2010-06-30 04:18 -------- d-----w- c:\program files\ESET(2)
2010-07-01 16:51 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-07-01 11:26 . 2009-08-30 03:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 23:06 . 2010-06-30 23:06 -------- d-----w- c:\program files\Ant.com
2010-06-29 21:45 . 2010-01-15 04:21 -------- d-----w- c:\program files\Research In Motion
2010-06-27 22:07 . 2010-02-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 23:08 . 2009-08-08 08:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2009-08-22 05:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2009-08-22 05:42 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2009-08-22 05:42 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2009-08-22 05:42 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 18:40 . 2010-04-08 18:40 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-14 13:48 . 2010-02-25 02:01 524288 ----a-w- c:\program files\Sakura.dll
2009-10-14 13:29 . 2010-02-25 02:01 532480 ----a-w- c:\program files\Sawer.dll
2009-10-14 13:13 . 2010-02-25 02:01 499712 ----a-w- c:\program files\PoiZone.dll
2009-10-14 13:09 . 2010-02-25 02:02 671744 ----a-w- c:\program files\Toxic Biohazard.dll
2009-09-26 14:14 . 2010-02-25 02:01 512000 ----a-w- c:\program files\Hardcore.dll
2009-05-29 12:02 . 2009-05-29 12:02 818176 ----a-w- c:\program files\FL Studio VSTi.dll
2009-05-29 12:01 . 2009-05-29 12:01 818176 ----a-w- c:\program files\FL Studio VSTi (Multi).dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bhrtsbtr"="c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe" [bU]
"Google Update"="c:\documents and settings\joey walters\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-25 136176]
"AlcoholAutomount"="e:\alcohol 120\axcmd.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-11 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"bhrtsbtr"="c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe" [bU]

c:\documents and settings\joey walters\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"Midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/12/2009 2:47 PM 67904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2009 2:47 PM 64432]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [8/10/2009 1:12 PM 367616]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [8/10/2009 1:12 PM 18944]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [8/10/2009 1:12 PM 33792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/6/2009 3:55 PM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\joey walters\Application Data\Mozilla\Firefox\Profiles\9c5mt8ab.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 06:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\system32\autochk(10).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(7).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(8).exe:BAK 22528 bytes executable
c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
-
Here is the ComboFix log from when it worked the second time:

ComboFix 10-06-29.02 - joey walters 06/29/2010 15:20:04.1.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.827 [GMT -7:00]
Running from: c:\documents and settings\joey walters\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK
c:\windows\system32\drivers\DELL_XPS_MP061 .MRK

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_XPROTECTOR


((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 21:43 . 2010-06-29 21:43 -------- d-----w- c:\windows\LastGood
2010-06-27 23:51 . 2010-06-27 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-27 22:07 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 22:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 14:28 . 2010-06-27 14:28 -------- d-----w- c:\documents and settings\joey walters\Local Settings\Application Data\WMTools Downloaded Files
2010-06-27 00:25 . 2010-06-27 00:25 388096 ----a-r- c:\documents and settings\joey walters\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 22:37 . 2009-08-08 00:24 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-29 21:45 . 2010-05-05 11:58 -------- d-----w- c:\documents and settings\joey walters\Application Data\Research In Motion
2010-06-29 21:45 . 2010-01-15 04:21 -------- d-----w- c:\program files\Research In Motion
2010-06-29 20:26 . 2009-08-12 04:46 57752 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-29 20:26 . 2009-12-21 00:35 183136 ----a-w- c:\windows\system32\drivers\sthdae.log
2010-06-29 15:00 . 2009-08-08 08:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-28 17:35 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\vlc
2010-06-28 17:13 . 2009-08-10 19:46 -------- d-----w- c:\documents and settings\joey walters\Application Data\dvdcss
2010-06-27 22:07 . 2010-02-19 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 00:55 . 2010-02-14 03:14 13160 ----a-w- c:\windows\system32\Upgrd.exe
2010-06-27 00:55 . 2009-08-12 04:46 57752 ------w- c:\windows\system32\rpcnet.exe
2010-05-02 05:22 . 2004-08-04 10:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2009-08-22 05:42 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-04-27 18:40 . 2009-08-22 05:42 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2009-08-22 05:42 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2009-08-22 05:42 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-04-20 05:30 . 2004-08-04 10:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 18:40 . 2010-04-08 18:40 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-01 02:34 . 2009-08-10 18:47 18496 ----a-w- c:\documents and settings\joey walters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 13:48 . 2010-02-25 02:01 524288 ----a-w- c:\program files\Sakura.dll
2009-10-14 13:29 . 2010-02-25 02:01 532480 ----a-w- c:\program files\Sawer.dll
2009-10-14 13:13 . 2010-02-25 02:01 499712 ----a-w- c:\program files\PoiZone.dll
2009-10-14 13:09 . 2010-02-25 02:02 671744 ----a-w- c:\program files\Toxic Biohazard.dll
2009-09-26 14:14 . 2010-02-25 02:01 512000 ----a-w- c:\program files\Hardcore.dll
2009-05-29 12:02 . 2009-05-29 12:02 818176 ----a-w- c:\program files\FL Studio VSTi.dll
2009-05-29 12:01 . 2009-05-29 12:01 818176 ----a-w- c:\program files\FL Studio VSTi (Multi).dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-11 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\joey walters\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"Midi2"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [9/29/2008 8:07 AM 19456]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/12/2009 2:47 PM 67904]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [8/7/2009 5:24 PM 17408]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/12/2009 2:47 PM 64432]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [8/10/2009 1:12 PM 367616]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [8/10/2009 1:12 PM 18944]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [8/10/2009 1:12 PM 33792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/6/2009 3:55 PM 721904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RPCNETP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:1033
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\joey walters\Application Data\Mozilla\Firefox\Profiles\9c5mt8ab.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=iw
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-bhrtsbtr - c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe
HKCU-Run-AlcoholAutomount - e:\alcohol 120\axcmd.exe
HKLM-Run-bhrtsbtr - c:\documents and settings\joey walters\local settings\application data\axfsmsntv\ispnyr.exe
AddRemove-MagicDisc 2.7.106 - e:\progra~1\MAGICD~1\UNWISE.EXE
AddRemove-ProInst - c:\windows\Installer\iProInst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 16:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\
-
Alright, I'm going to go ahead and say that I used ComboFix to delete these two files:

C:\DOCUME~1\JOEYWA~1\LOCALS~1\Temp\WERf203.dir00\svchost.exe.mdmp
C:\DOCUME~1\JOEYWA~1\LOCALS~1\Temp\WERf203.dir00\appcompat.txt

I have the log from ComboFix but I don't know how to post it. Here's a recent Hijack.txt:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:00 PM, on 6/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ant.com\IE add-on\AntMaintainer.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1033
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ant.com Toolbars browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ant.com Download Toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.antplugin
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1256273138421
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ant Toolbar updater service (AntUpdaterService) - Ant.com - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - E:\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8794 bytes
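Reading a HijackThis log by eye is where helpers miss things, so here is a small triage script as an added example; it is not a tool from this thread, from HijackThis or from ComboFix. It applies three checks a malware-removal helper would run over lines like the ones above: an R1 ProxyServer value that points at 127.0.0.1 (the HJT and ComboFix logs above both show `http=127.0.0.1:1033`; a loopback proxy is commonly planted by malware that wants to sit in the browser's traffic, though some legitimate filtering software does the same, so it is a lead to confirm, not a verdict), an O4 autostart whose binary lives in a user-writable profile directory (this O4 line is rebuilt in HJT format from the ComboFix `HKCU-Run-bhrtsbtr` orphan, since the HJT log was taken after ComboFix had already removed it), and an O23 service whose file is missing or whose owner is unknown (the StarWind entry above). The sample lines are copied from the logs in this post; the `Finding` class, `triage()` and the regexes are this example's own.

```python
"""Triage a HijackThis-style log for three indicators worth a closer look.

Added example, not a tool from the thread.  SAMPLE_LOG is constructed from
lines in the HijackThis and ComboFix logs posted above; the bhrtsbtr O4 line is
rebuilt in HJT format from the ComboFix orphan entry.
"""
import re
from dataclasses import dataclass
from typing import List

SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1033
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [bhrtsbtr] C:\Documents and Settings\joey walters\Local Settings\Application Data\axfsmsntv\ispnyr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - E:\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
"""

# A ProxyServer value that points back at the machine itself.  Malware that
# wants to read or rewrite browser traffic commonly installs a loopback proxy;
# some legitimate web filters do too, so this is a lead to confirm by finding
# the process bound to that port, not a verdict on its own.
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(?P<host>127\.0\.0\.1|localhost):(?P<port>\d+)", re.I)

# O4 autostart entries look like "O4 - HKCU\..\Run: [name] command".
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Autostarts under the user's profile (rather than Program Files or system32)
# deserve a look: any code running as the user can write there without admin.
USER_WRITABLE = re.compile(
    r"\\(?:Local Settings\\(?:Application Data|Temp)|Application Data)\\", re.I)

# O23 service entries: "O23 - Service: display (short) - owner - path [(file missing)]".
O23_SERVICE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    kind: str    # local_proxy | run_from_profile | service_file_missing | service_unknown_owner
    line: str    # the log line that triggered it
    detail: str  # what to check next


def triage(log_text: str) -> List[Finding]:
    """Return the log lines worth following up, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(("R0 - ", "R1 - ")):
            m = LOCAL_PROXY.search(line)
            if m:
                findings.append(Finding(
                    "local_proxy", line,
                    f"browser traffic is routed through {m['host']}:{m['port']}; "
                    "identify the process listening on that port (netstat -ano)"))
        elif line.startswith("O4 - "):
            m = O4_RUN.match(line)
            if m and USER_WRITABLE.search(m["cmd"]):
                findings.append(Finding(
                    "run_from_profile", line,
                    f"{m['hive']} Run value '{m['name']}' starts a binary from a "
                    "user-writable profile directory; check its publisher and hash"))
        elif line.startswith("O23 - "):
            m = O23_SERVICE.match(line)
            if not m:
                continue
            if "(file missing)" in m["path"]:
                findings.append(Finding(
                    "service_file_missing", line,
                    f"service '{m['display']}' points at a binary that no longer exists; "
                    "usually an uninstall leftover, so the service entry can go"))
            elif m["owner"].lower() == "unknown owner":
                findings.append(Finding(
                    "service_unknown_owner", line,
                    f"service '{m['display']}' has no publisher; verify the file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

On the sample it reports exactly three lines: the loopback proxy, the bhrtsbtr autostart, and the StarWind service with its missing file; the rpcnet service, which has a named publisher and an existing path, is left alone because nothing in the log itself supports flagging it. The profile-path rule is deliberately broad (legitimate per-user installers use Application Data too), which is why each finding carries a next check rather than a removal instruction.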
-
I'm new here, but I've been having a problem with the trojan that's using my computer as a spambot. I don't know what to do.