JamieK

  1. Well, it's been several days with no signs of pop-ups (knock on wood). I just want to thank everyone for their help in this. Here's my latest HJT scan...
  2. Hmm, so far, so good. No more popups today. Here's the log...

     Malwarebytes' Anti-Malware 1.31
     Database version: 1488
     Windows 5.1.2600 Service Pack 3

     12/11/2008 8:59:36 AM
     mbam-log-2008-12-11 (08-59-36).txt

     Scan type: Quick Scan
     Objects scanned: 64252
     Time elapsed: 21 minute(s), 57 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  3. Just wanted to make sure the ZIP file came through okay. http://www.malwarebytes.org/forums/index.p...amp;#entry38865 Jamie
  4. Forgive me, but I'm a computer newbie here. Here's what I have so far... I run Malwarebytes scan and delete everything that it comes back with. Restart and computer works fine for a short while. Then the pop-ups start again, most directing me to Antivirus 2009. Can't download Spybot. Box pops up saying my security settings don't allow this. BTW, also will not open Hotmail messages. Did not start this till after I acquired the spyware. Here are my logs immediately after running Malwarebytes and deleted affected files.

     MBAM scan...

     Malwarebytes' Anti-Malware 1.30
     Database version: 1455
     Windows 5.1.2600 Service Pack 3

     12/6/2008 11:28:39 AM
     mbam-log-2008-12-06 (11-28-28).txt

     Scan type: Quick Scan
     Objects scanned: 62451
     Time elapsed: 6 minute(s), 36 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyidigimi (Trojan.Agent) -> No action taken.
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Panda Active Scan...
;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-12-06 10:31:46 PROTECTIONS: 1 MALWARE: 73 SUSPECTS: 4 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.4104.0 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@trafficmp[1].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@trafficmp[2].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@casalemedia[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@doubleclick[1].txt 00139064 Cookie/Atlas DMT 
TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@atdmt[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@247realmedia[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@mediaplex[1].txt 00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@www.myaffiliateprogram[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@com[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@statcounter[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and 
Settings\mercedes\Cookies\mercedes@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@ad.yieldmanager[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@apmebf[2].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@burstnet[2].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@burstnet[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@serving-sys[3].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@bs.serving-sys[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@www.burstbeacon[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@advertising[1].txt 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@adrevolver[1].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents 
and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@ads.pointroll[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@realmedia[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@questionmarket[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@zedo[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@bluestreak[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@adrevolver[3].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@target[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@atwola[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@atwola[1].txt 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_535842273236.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_89776722911.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_874762533151.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_128934327310.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes 
No C:\WINDOWS\system32\tmpxr_136505215861.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_874020292801.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_14371778623.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_144848868885.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_148329836752.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_152231666639.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_161903652566.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_189660108725.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_862433146000.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_860608777112.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_840800513171.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_779457377344.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_767633656454.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_762292836773.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_280118583200.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_70399531758.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_683804286359.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_637888247826.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_303056494356.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_314703715848.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_625307573815.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_594073756767.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No 
C:\WINDOWS\system32\tmpxr_341055408807.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_591736317705.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_556162533808.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_353287663239.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_355223715749.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_370803678003.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_395514226880.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_579392535283.bk 00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_492935543127.bk 03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\cfexfst.sys 03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\udxfytw.sys 03689555 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\oduxftw.sys 03957249 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_800399511374.bk 03957249 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_530379396844.bk 03974384 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_647775526466.bk 03974384 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_8010548914.bk 03978104 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_697634702050.bk 03978104 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_328392607444.bk 03979301 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_436603443840.bk 03979301 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_11121780611.bk 03979747 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_226227596976.bk 03979747 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_380089540018.bk 03983235 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_453658514383.bk 
03983235 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_379647817646.bk 03990615 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_113715694771.bk 03997175 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_33375297218.bk 04002833 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_605394674751.bk 04003655 Generic Backdoor Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmp0_437759243043.bk.old 04050238 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_86290856820.bk 04050238 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_826921125323.bk 04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_41106063122.bk 04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_737683259459.bk 04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_73128374677.bk 04066887 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_43674933710.bk 04078530 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_397467891942.bk 04078530 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_350727806895.bk 04079098 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\fduvfct.sys 04079109 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\xdufytw.sys 04084609 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_515828661131.bk 04084609 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_15997339982.bk 04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_621436809986.bk 04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_283504221541.bk 04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_258435853187.bk 04114744 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_659357327962.bk 04114744 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_749610201232.bk 
04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_298193490211.bk 04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_233659564768.bk 04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_82512397490.bk 04123578 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_20765835537.bk 04123578 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_286894719977.bk 04126890 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_799774591180.bk 04129413 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_55008391153.bk 04132780 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_561760703762.bk 04132780 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_777441796483.bk 04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_686906341809.bk 04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_345391432521.bk 04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_502531124176.bk 04150854 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_465186877580.bk 04150899 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_735454409576.bk 04150899 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_731074378351.bk 04157305 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_266639482319.bk 04160496 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_76630492908.bk 04160496 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_718993575284.bk 04186262 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_871305740577.bk 04199614 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_190149869478.bk 04199614 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_680888674233.bk 04199644 Generic Malware Virus/Trojan No 0 Yes No 
C:\WINDOWS\system32\tmpxr_22453857698.bk 04251170 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tmpxr_564300304958.bk 04251176 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tmpxr_143548611230.bk 04279215 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_7932293085.bk 04279947 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_558049565916.bk 04279947 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_507042550548.bk 04280817 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_480738641824.bk 04280817 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_600861615418.bk 04281422 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_888846169283.bk 04281422 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_57857032587.bk 04281440 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_19922216147.bk 04281440 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_309698473179.bk 04281474 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_7755611560.bk 04289157 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Temporary Internet Files\Content.IE5\KB3FAOTL\A9installer_770522169011[1].exe ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location " ;=============================================================================== ================================================================================ = =================== No C:\Documents and Settings\mercedes\Local Settings\Temporary Internet Files\Content.IE5\ED1Q7UH4\InstallAVv_770522169011[1].exe No C:\Program Files\WinRAR\Default.SFX " No C:\WINDOWS\system32\tmpxr_18990228120.bk " No C:\WINDOWS\system32\tmpxr_49624638698.bk " 
;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description " ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== --------------------------------------------------------------------------------------------------------------- Hijack this scan... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:41:03 AM, on 12/6/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\opt\MBCASE\pm\bin\mcp.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\smartagent\bin\sprtsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\smartagent\bin\tgsrvc.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\opt\MBCASE\pm\bin\cmserver.exe 
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\mercedes\My Documents\HijackThis.exe

O1 - Hosts: 12.44.59.46 ppa-extra.ndc.daimlerchrysler.com
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: (no name) - {61d332c5-04c9-4571-a44e-bfa175cd2429} - C:\WINDOWS\system32\sagenumi.dll (file missing)
O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [foyidigimi] Rundll32.exe "C:\WINDOWS\system32\lininofa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\mercedes\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.live.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.com
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/g_bin/eng/cards_2_0_0_75.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://supportcenter.mbnetstar.com/support.../weblaunch2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2EFE1-7069-4A5E-80C6-2D201E44C34E}: NameServer = 10.100.100.10,192.168.100.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\pularewi.dll
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: Windows Agent (N-able Technologies Windows Agent) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe
O23 - Service: AssetDiscovery Local (N-able Technologies Windows Agent Asset Discovery) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe
O23 - Service: Windows Agent Watchdog (N-able Technologies Windows Agent Watchdog) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (smartagent) (sprtsvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (smartagent) (tgsrvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\tgsrvc.exe

--
End of file - 9633 bytes
-----------------------------------------------------------------------------------------------------------

Please help me!!!!!!!!!!!!

This is my work computer so I will be back with results Monday.

Jamie

P.S. Please assure me there is a special place in he!! for whoever invented spyware!