Jump to content

aws

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by aws

  1. Hello. Yes I think we can consider this thread resolved. Thank you very much for your help. It is nice to know there are people out there who will take the trouble to help someone as opposed to the malicious people out there who put viruses on people's computers in the first place. Thanks again!
  2. ComboFix: ComboFix 09-01-01.02 - Anne 2009-01-06 17:30:50.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1292 [GMT -5:00] Running from: c:\documents and settings\Anne\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Anne\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point FILE :: c:\my download files\kmd.exe c:\windows\system32\wotupogo.dll c:\windows\Tasks\trglgmiq.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\my download files\kmd.exe c:\windows\Tasks\trglgmiq.job . ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 ))))))))))))))))))))))))))))))) . 2008-12-29 20:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2008-12-29 20:30 . 2008-12-29 20:30 <DIR> d-------- c:\program files\Panda Security 2008-12-29 15:31 . 2008-12-29 15:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-29 15:31 . 2008-12-29 15:31 <DIR> d-------- c:\documents and settings\Anne\Application Data\Malwarebytes 2008-12-29 15:31 . 2008-12-29 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-29 15:31 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-29 15:31 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-29 14:49 . 2008-12-29 14:49 95 --a------ c:\windows\wininit.ini 2008-12-29 12:37 . 2008-12-31 12:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-29 12:37 . 2008-12-29 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-28 17:12 . 2008-12-28 17:14 <DIR> d-------- c:\documents and settings\Administrator 2008-12-28 16:03 . 2008-12-28 16:03 <DIR> d-------- c:\program files\CCleaner 2008-12-28 15:50 . 2008-12-28 15:50 <DIR> d-------- c:\program files\Trend Micro 2008-12-25 13:00 . 2008-12-25 13:00 <DIR> d-------- c:\documents and settings\Anne\Application Data\CyberLink 2008-12-20 15:09 . 2008-12-20 15:09 <DIR> d-------- c:\windows\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-24 23:57 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-06 23:26 --------- d-----w c:\documents and settings\Anne\Application Data\ArcSoft 2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll . ((((((((((((((((((((((((((((( snapshot@2009-01-03_10.22.09.32 ))))))))))))))))))))))))))))))))))))))))) . - 2009-01-03 14:25:15 67,424 ----a-w c:\windows\system32\perfc009.dat + 2009-01-06 14:14:51 67,424 ----a-w c:\windows\system32\perfc009.dat - 2009-01-03 14:25:15 430,826 ----a-w c:\windows\system32\perfh009.dat + 2009-01-06 14:14:51 430,826 ----a-w c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "EPSON Stylus Photo R280 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE" [2007-04-13 182272] "Auto EPSON Stylus Photo R280 Series on LAPTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE" [2007-04-13 182272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840] "Auto EPSON Stylus CX7800 Series on YOUR-6BVPXYZTOQ"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304] "Auto EPSON Stylus CX7800 Series on LAPTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Anne^Start Menu^Programs^Startup^Product Registration.lnk] path=c:\documents and settings\Anne\Start Menu\Programs\Startup\Product Registration.lnk backup=c:\windows\pss\Product Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2006-12-05 21:55 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2006-11-23 14:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] --a------ 2007-04-11 14:32 56080 c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgwdsvc.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\EPSON\\EPW!3 SSRP\\E_S40RP7.EXE"= "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-29 28544] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-24 97928] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-31 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-31 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-24 76040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4d69af9-5fe2-11dd-9908-001d7d297731}] \Shell\AutoRun\command - I:\setupSNK.exe . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.weather.com/weather/local/29501?lswe=29501&lwsa=WeatherLocalUndeclared&from=searchbox uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Anne\Application Data\Mozilla\Firefox\Profiles\vawte78a.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-06 17:33:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(836) c:\windows\System32\BCMLogon.dll . Completion time: 2009-01-06 17:34:32 ComboFix-quarantined-files.txt 2009-01-06 22:34:30 ComboFix2.txt 2009-01-03 15:22:56 Pre-Run: 256,357,109,760 bytes free Post-Run: 256,351,227,904 bytes free 169 --- E O F --- 2008-08-16 14:22:46 Malwarebytes: Malwarebytes' Anti-Malware 1.32 Database version: 1625 Windows 5.1.2600 Service Pack 2 1/6/2009 5:48:03 PM mbam-log-2009-01-06 (17-48-03).txt Scan type: Quick Scan Objects scanned: 52541 Time elapsed: 2 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Overall, my computer seems to be working normally now. AVG caught and stopped a Trojan a couple of days ago, other than that it seems good.
  3. Ok. Here they are: Combofix log - ComboFix 09-01-01.02 - Anne 2009-01-03 10:16:40.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1511 [GMT -5:00] Running from: c:\documents and settings\Anne\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Anne\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Anne\LOCALS~1\Temp\tmp1.tmp c:\docume~1\Anne\LOCALS~1\Temp\tmp2.tmp c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\ewukefig.ini c:\windows\system32\lbxdun.dll c:\windows\system32\vjbjvaca.dll ----- BITS: Possible infected sites ----- hxxp://childhe.com . ((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 ))))))))))))))))))))))))))))))) . 2008-12-29 20:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2008-12-29 20:30 . 2008-12-29 20:30 <DIR> d-------- c:\program files\Panda Security 2008-12-29 15:31 . 2008-12-29 15:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-29 15:31 . 2008-12-29 15:31 <DIR> d-------- c:\documents and settings\Anne\Application Data\Malwarebytes 2008-12-29 15:31 . 2008-12-29 15:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-29 15:31 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-29 15:31 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-29 14:49 . 2008-12-29 14:49 95 --a------ c:\windows\wininit.ini 2008-12-29 12:37 . 2008-12-31 12:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-12-29 12:37 . 2008-12-29 12:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-28 17:12 . 2008-12-28 17:14 <DIR> d-------- c:\documents and settings\Administrator 2008-12-28 16:03 . 2008-12-28 16:03 <DIR> d-------- c:\program files\CCleaner 2008-12-28 15:50 . 2008-12-28 15:50 <DIR> d-------- c:\program files\Trend Micro 2008-12-25 13:00 . 2008-12-25 13:00 <DIR> d-------- c:\documents and settings\Anne\Application Data\CyberLink 2008-12-20 15:09 . 2008-12-20 15:09 <DIR> d-------- c:\windows\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-24 23:57 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-06 23:26 --------- d-----w c:\documents and settings\Anne\Application Data\ArcSoft . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "EPSON Stylus Photo R280 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE" [2007-04-13 182272] "Auto EPSON Stylus Photo R280 Series on LAPTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE" [2007-04-13 182272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840] "Auto EPSON Stylus CX7800 Series on YOUR-6BVPXYZTOQ"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304] "Auto EPSON Stylus CX7800 Series on LAPTOP"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= c:\windows\system32\wotupogo.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Anne^Start Menu^Programs^Startup^Product Registration.lnk] path=c:\documents and settings\Anne\Start Menu\Programs\Startup\Product Registration.lnk backup=c:\windows\pss\Product Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2006-10-22 22:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2006-12-05 21:55 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2006-11-23 14:10 56928 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] --a------ 2007-04-11 14:32 56080 c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG8\\avgscanx.exe"= "c:\\Program Files\\AVG\\AVG8\\avgwdsvc.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\EPSON\\EPW!3 SSRP\\E_S40RP7.EXE"= "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-29 28544] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-24 97928] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-31 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-31 231704] R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-24 76040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4d69af9-5fe2-11dd-9908-001d7d297731}] \Shell\AutoRun\command - I:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-01-03 c:\windows\Tasks\trglgmiq.job - c:\windows\system32\rundll32.exe [2004-08-04 07:00] . - - - - ORPHANS REMOVED - - - - BHO-{07661B5D-76AC-424C-ACEF-7F9B8226D1B6} - c:\windows\system32\pmnkJBtU.dll MSConfigStartUp-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.weather.com/weather/local/29501?lswe=29501&lwsa=WeatherLocalUndeclared&from=searchbox uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Anne\Application Data\Mozilla\Firefox\Profiles\vawte78a.default\ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-03 10:19:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(840) c:\windows\System32\BCMLogon.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Bonjour\mDNSResponder.exe c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\AVG\AVG8\avgrsx.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac . ************************************************************************** . Completion time: 2009-01-03 10:22:56 - machine was rebooted [Anne] ComboFix-quarantined-files.txt 2009-01-03 15:22:53 Pre-Run: 257,120,755,712 bytes free Post-Run: 256,923,344,896 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer 188 --- E O F --- 2008-08-16 14:22:46 Add-Remove Programs - Add or Remove Adobe Creative Suite 3 Design Standard Add or Remove Adobe Creative Suite 3 Web Standard Adobe Acrobat 8 Professional Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Contribute CS3 Adobe Creative Suite 3 Design Standard Adobe Creative Suite 3 Web Standard Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 9 ActiveX Adobe Flash Player 9 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe SING CS3 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash ArcSoft PhotoImpression 5 ArcSoft PhotoImpression 6 ArcSoft Print Creations ArcSoft Print Creations - Photo Calendar AVG Free 8.0 CCleaner (remove only) CDDRV_Installer EPSON Print CD EPSON Printer Software EPSON R280 User's Guide EPSON Scan High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB935448) Hotfix for Windows XP (KB952287) Java 6 Update 3 KhalInstallWrapper Logitech Registration Logitech SetPoint Macromedia FreeHand 10 Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft IntelliPoint 5.0 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.5) MSXML 6.0 Parser (KB933579) NVIDIA Drivers Panda ActiveScan 2.0 Pattern Maker for cross stitch - v4 (Pro+ME) PCI SoftV92 Modem PDF Settings PowerDVD QuarkXPress 5.01 QuarkXPress 6.5 Realtek High Definition Audio Driver Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944338) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Spybot - Search & Destroy Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB932823-v3) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) WebEx Support Manager for Internet Explorer WebFldrs XP Windows Communication Foundation Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Presentation Foundation Windows Workflow Foundation Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 XML Paper Specification Shared Components Pack 1.0
  4. Hi there I have followed your instructions and I now have the log files to show you. I have tried to clean my system as best I could, but I think there still may be some junk left over. Let me know if you need any other information than what I have provided in the log files. Thanks! 1. MBAM scan - it found nothing so I have no log files to show you for this. 2. Panda ActiveScan - ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-12-30 12:13:42 PROTECTIONS: 1 MALWARE: 21 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== AVG Anti-Virus Free 8.0 Yes Yes ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00039204 adware/cws Adware No 0 Yes No c:\documents and settings\anne\favorites\health 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@atdmt[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@tribalfusion[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.com.com/] 00167749 Cookie/Toplist TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.toplist.cz/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.apmebf.com/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.apmebf.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@bs.serving-sys[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[www.burstbeacon.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@advertising[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ads.pointroll.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Anne\Cookies\anne@questionmarket[1].txt 00172447 Cookie/Inet-Traffic TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.inet-traffic.com/] 00172447 Cookie/Inet-Traffic TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.inet-traffic.com/] 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.bravenet.com/] 00199981 Cookie/Seeq TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.www48.seeq.com/] 00207712 Cookie/360i TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ct.360i.com/] 00207712 Cookie/360i TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ct.360i.com/] 00207712 Cookie/360i TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.ct.360i.com/] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No G:\FRomC\Anne Stanton\Application Data\Mozilla\Firefox\Profiles\gvjy2xf9.default\cookies.txt[.atwola.com/] 00497423 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{6B035AB3-7E57-4502-A6AA-ECA1CB426DAE}\RP171\A0037964.dll 00497423 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{6B035AB3-7E57-4502-A6AA-ECA1CB426DAE}\RP171\A0037961.dll 00497533 W32/Lineage.KIZ.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{6B035AB3-7E57-4502-A6AA-ECA1CB426DAE}\RP171\A0037965.dll 00497533 W32/Lineage.KIZ.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{6B035AB3-7E57-4502-A6AA-ECA1CB426DAE}\RP171\A0037966.dll 01010780 Generic Malware Virus/Trojan No 0 Yes No C:\My Download Files\kmd.exe 04466764 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\vjbjvaca.dll 04466764 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\lbxdun.dll ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location Q ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description Q ;=============================================================================== ================================================================================ = =================== 182048 HIGH MS07-069 Q 182043 HIGH MS07-064 Q 176382 HIGH MS07-057 Q 170907 HIGH MS07-046 Q 170906 HIGH MS07-045 Q 170904 HIGH MS07-043 Q 164913 HIGH MS07-033 Q 160623 HIGH MS07-027 Q 150253 HIGH MS07-016 Q 129976 MEDIUM MS06-052 Q 93394 HIGH MS05-050 Q ;=============================================================================== ================================================================================ = =================== 3. HijackThis log - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:15:50 PM, on 12/30/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/29501...;from=searchbox R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {07661B5D-76AC-424C-ACEF-7F9B8226D1B6} - C:\WINDOWS\system32\pmnkJBtU.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on YOUR-6BVPXYZTOQ] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P50 "Auto EPSON Stylus CX7800 Series on YOUR-6BVPXYZTOQ" /O26 "\\YOUR-6BVPXYZTOQ\Printer5" /M "Stylus CX7800" O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P41 "Auto EPSON Stylus CX7800 Series on LAPTOP" /O17 "\\LAPTOP\Printer5" /M "Stylus CX7800" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\WINDOWS\TEMP\E_S1D9.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Auto EPSON Stylus Photo R280 Series on LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\WINDOWS\TEMP\E_S2A6.tmp" /EF "HKCU" O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: c:\windows\system32\wotupogo.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 8545 bytes Thanks again.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.