Jump to content

MBAM and HJT logs after Antivirus 2009 removal

brauh01

By brauh01
in Resolved Malware Removal Logs

 Share

Recommended Posts

brauh01

brauh01

Posted
Posted

There are entries in the HJT report that seem suspicious to me. Malware log reports clean, and did a great job removing my Antivirus 2009 infection. Any help much appreciated. Thanks!

Malware Log

Malwarebytes' Anti-Malware 1.33

Database version: 1736

Windows 5.1.2600 Service Pack 3

2/7/2009 6:42:12 AM

mbam-log-2009-02-07 (06-42-12).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 314011

Time elapsed: 6 hour(s), 40 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:13:45 AM, on 2/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\tbctray.exe

C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

O4 - HKLM\..\Run: [MaxBackSchedule] C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe

O4 - HKCU\..\Run: [Windows Services Hosts] svhosts.exe

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe -a

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.18.0.14\PlaxoSysTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [lrijh8s73jhbfgfd] C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\winlognn.exe

O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\csrssc.exe

O4 - HKCU\..\RunServices: [Windows Services Hosts] svhosts.exe

O4 - HKUS\S-1-5-21-3403473811-645757453-568730901-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

O4 - Startup: Memeo AutoBackup Launcher.lnk = ?

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Subscribe to this feed - file://C:\Documents and Settings\William Rauh\Application Data\AOL Fanfare\subscribe.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\MSS-01E41E\Elizabeth\My Backup\LIZ\C\Program Files\AIM\aim.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://get.adobe.com

O15 - Trusted Zone: http://torrent.genesis-movement.org

O15 - Trusted Zone: http://webmail.verizon.net

O15 - Trusted Zone: http://online.wsj.com

O15 - Trusted Zone: www.wsj.com

O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11e3f564f056ab...ip/RdxIE601.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123115290409

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} - http://pak06.pictures.aol.com/ygp/aol/plug...-US.9.2.4.0.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\IcdSptSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--

End of file - 19400 bytes

Link to post
Share on other sites
Tigger93

Tigger93

Posted
Posted

Hi. :D

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall

Link to post
Share on other sites
brauh01

brauh01

Posted
  • Author
Posted

Thanks for the help!

I d/l combo and ran. After it produced the log file, it stalled. I had to power down the pc and power back up. Not sure this makes a difference, but thought I would let you know. Below are the two log files. Between the time of my initial post and your reply, I did unistall a few programs that have been rarely used. You may see this if comparing my first HJT log with the second. Thanks in advance for your kind help.

Bill

ComboFix 09-02-06.04 - William Rauh 2009-02-07 15:14:37.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.489 [GMT -5:00]

Running from: c:\documents and settings\William Rauh\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

FW: McAfee Personal Firewall *disabled*

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\William Rauh\Application Data\inst.exe

c:\program files\INSTALL.LOG

.

((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))

.

2009-02-06 19:18 . 2009-02-06 19:18 <DIR> d-------- c:\program files\Trend Micro

2009-02-04 21:42 . 2009-02-04 21:43 <DIR> d-------- c:\windows\ERUNT

2009-02-04 21:15 . 2009-02-04 22:08 <DIR> d-------- C:\SDFix

2009-02-04 20:43 . 2009-02-04 20:43 <DIR> d-------- c:\documents and settings\William Rauh\Application Data\Uniblue

2009-02-03 21:30 . 2009-02-04 05:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-03 21:30 . 2009-02-03 21:30 <DIR> d-------- c:\documents and settings\William Rauh\Application Data\Malwarebytes

2009-02-03 21:30 . 2009-02-03 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-03 21:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys

2009-02-03 21:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys

2009-02-01 13:27 . 2009-02-01 13:28 <DIR> d-------- c:\documents and settings\William Rauh\Application Data\Vso

2009-02-01 13:27 . 2009-02-01 13:27 47,360 --a------ c:\windows\SYSTEM32\DRIVERS\pcouffin.sys

2009-02-01 13:27 . 2009-02-01 13:27 47,360 --a------ c:\documents and settings\William Rauh\Application Data\pcouffin.sys

2009-02-01 13:23 . 2009-02-01 13:24 <DIR> d-------- c:\program files\DVDFab 5

2009-01-20 19:31 . 2009-01-21 02:54 <DIR> d-------- c:\documents and settings\William Rauh\.housecall6.6

2009-01-14 20:15 . 2008-11-10 03:39 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-07 17:45 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-07 16:44 --------- d-----w c:\program files\OpenOffice.org 2.4

2009-02-07 16:08 --------- d-----w c:\program files\Plaxo

2009-02-07 16:02 --------- d-----w c:\program files\Google

2009-02-07 15:50 --------- d-----w c:\program files\Yahoo!

2009-02-07 14:11 --------- d-----w c:\program files\Dell Computer

2009-02-07 13:32 --------- d-----w c:\documents and settings\William Rauh\Application Data\uTorrent

2009-02-07 13:11 --------- d-----w c:\program files\DC++

2009-02-01 13:03 --------- d-----w c:\documents and settings\William Rauh\Application Data\RipIt4Me

2009-02-01 13:02 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink

2009-01-31 04:06 --------- d-----w c:\program files\Norton SystemWorks

2009-01-28 01:39 --------- d-----w c:\documents and settings\William Rauh\Application Data\Move Networks

2009-01-15 01:14 --------- d-----w c:\program files\Java

2009-01-10 12:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys

2008-11-10 10:43 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll

2006-06-29 18:43 88,544 ----a-w c:\documents and settings\Liz\Application Data\GDIPFONTCACHEV1.DAT

2006-04-21 02:18 88,544 ----a-w c:\documents and settings\William Rauh\Application Data\GDIPFONTCACHEV1.DAT

2005-07-27 19:03 88,152 ----a-w c:\documents and settings\MertBrain\Application Data\GDIPFONTCACHEV1.DAT

2004-06-17 02:47 560 ----a-w c:\documents and settings\William Rauh\PCDOC.BAT

2004-04-08 20:12 298,496 ----a-w c:\documents and settings\William Rauh\PictureViewer.exe

2007-11-28 19:12 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2007-11-28 19:12 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2007-11-28 19:12 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2007-11-28 19:12 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2007-11-28 19:12 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-04-14 00:12 50,688 --sh--w c:\windows\twain_32.dll

2005-05-15 17:00 32 --sha-w c:\windows\{6D9E0FF6-82CB-4567-9470-1B38B12F4BB2}.dat

2005-05-15 17:00 32 --sha-w c:\windows\{755D0829-9DC9-4A72-B7C8-7E1748A2848E}.dat

2005-05-15 16:56 32 --sha-w c:\windows\{78C54626-3819-4C08-9561-62AE32C4FF3C}.dat

2005-05-15 16:58 32 --sha-w c:\windows\{7E22BE40-6D7A-4ED0-8BD9-70972A60A932}.dat

2005-05-15 16:56 32 --sha-w c:\windows\{9B8A3353-E251-43CB-A24B-31B7082FF9D9}.dat

2005-05-15 16:56 32 --sha-w c:\windows\{E49FE847-48DE-4C3E-A47D-E0CAFA0774EB}.dat

2008-04-14 00:11 1,028,096 --sha-w c:\windows\SYSTEM32\mfc42.dll

2008-04-14 00:12 57,344 --sha-w c:\windows\SYSTEM32\msvcirt.dll

2008-04-14 00:12 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll

2008-04-14 00:12 343,040 --sha-w c:\windows\SYSTEM32\msvcrt.dll

2008-04-14 00:12 551,936 --sh--w c:\windows\SYSTEM32\oleaut32.dll

2008-04-14 00:12 84,992 --sha-w c:\windows\SYSTEM32\olepro32.dll

2008-04-14 00:12 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe

2005-05-15 16:56 32 --sha-w c:\windows\SYSTEM32\{083BB43C-38DE-4AD5-9B49-6F7DEB1946EE}.dat

2005-05-15 16:56 32 --sha-w c:\windows\SYSTEM32\{B2F3AC3E-B1D7-471A-AC83-895B34502FA1}.dat

2005-05-15 17:00 32 --sha-w c:\windows\SYSTEM32\{D31B4431-2D55-4D40-99C9-AF23C8D38025}.dat

2005-05-15 16:56 32 --sha-w c:\windows\SYSTEM32\{E11D4DFB-1038-405D-B6E0-784EA4E3231F}.dat

2005-05-15 17:00 32 --sha-w c:\windows\SYSTEM32\{F367B613-20E5-4CAA-8E08-D20C16B73575}.dat

2005-05-15 16:58 32 --sha-w c:\windows\SYSTEM32\{FC82FBDF-1631-4E95-B005-F6C343153947}.dat

2008-08-04 09:53 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PlaxoUpdate"="c:\program files\Plaxo\3.18.0.14\PlaxoHelper_en.exe" [2008-12-08 370759]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"NBJ"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]

"Nero PhotoShow Media Manager"="c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" [2006-01-13 249856]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"PlaxoSysTray"="c:\program files\Plaxo\3.18.0.14\PlaxoSysTray.exe" [2008-12-08 20480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-10-05 684032]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]

"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]

"QD FastAndSafe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-28 185872]

"PCDRealtime"="c:\windows\realtime.exe" [2003-03-15 168448]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-06 57344]

"mssSort"="c:\program files\Maxtor\Maxtor Quick Start\msssort.exe" [2005-07-15 1335296]

"MaxBackSchedule"="c:\program files\Maxtor\Maxtor Quick Start\maxbackservice.exe" [2005-10-06 172032]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]

"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"TraySantaCruz"="c:\windows\System32\tbctray.exe" [2002-04-03 290816]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

"nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\SYSTEM32\narrator.exe]

c:\documents and settings\William Rauh\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-03-01 585728]

Memeo AutoBackup Launcher.lnk - c:\documents and settings\William Rauh\Application Data\Microsoft\Installer\{5E30A8A3-1430-43A0-A25E-503B3A7D32BA}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-02-17 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-06-19 221247]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-11-08 45056]

Norton System Doctor.lnk - c:\program files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2005-05-15 24614]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=

"c:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Abacast\\Abaclient.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\utorrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\SkyGolf\\SkyCaddie Desktop\\SkyCaddieDesktop.exe"=

"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"67:UDP"= 67:UDP:DHCP Discovery Service

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [2007-01-01 6097]

R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2005-05-15 135168]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]

R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [1980-01-01 144768]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [1980-01-01 545088]

S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [2007-01-01 299923]

S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2002-11-08 19232]

S4 asurscsi;asurscsi;c:\program files\Voyetra\AudioSurgeon 5\asurscsi.exe --> c:\program files\Voyetra\AudioSurgeon 5\asurscsi.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a25bf2-01c1-11dd-a12d-00038a000015}]

\Shell\AutoRun\command - g:\portableapps\PortableAppsMenu\PortableAppsMenu.exe

.

Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-15 c:\windows\Tasks\McDefragTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-01 c:\windows\Tasks\McQcTask.job

- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-02-06 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- c:\program files\Norton SystemWorks\OBC.exe [2002-09-29 20:57]

2009-02-07 c:\windows\Tasks\User_Feed_Synchronization-{D9E77542-4EC9-4B07-AF28-DA1A31BFA5B4}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]

.

- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe

HKCU-Run-Windows Services Hosts - svhosts.exe

HKCU-RunServices-Windows Services Hosts - svhosts.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.wsj.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: &Subscribe to this feed - file://c:\documents and settings\William Rauh\Application Data\AOL Fanfare\subscribe.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: adobe.com\get

Trusted Zone: genesis-movement.org\torrent

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: verizon.net\webmail

Trusted Zone: wsj.com\online

Trusted Zone: wsj.com\www

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB

DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxp://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB

DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} - hxxp://pak06.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.4.0.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-07 15:24:34

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Windows Services Hosts = svhosts.exe?

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

Windows Services Hosts = svhosts.exe?

scanning hidden files ...

**************************************************************************

.

Completion time: 2009-02-07 15:30:56

ComboFix-quarantined-files.txt 2009-02-07 20:29:37

Pre-Run: 11,429,416,960 bytes free

Post-Run: 12,835,966,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

247 --- E O F --- 2009-01-15 01:38:53

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:47:14 PM, on 2/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\WINDOWS\realtime.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\WINDOWS\System32\tbctray.exe

C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

O4 - HKLM\..\Run: [MaxBackSchedule] C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe -a

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.18.0.14\PlaxoSysTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Windows Services Hosts] svhosts.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

O4 - Startup: Memeo AutoBackup Launcher.lnk = ?

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Subscribe to this feed - file://C:\Documents and Settings\William Rauh\Application Data\AOL Fanfare\subscribe.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\MSS-01E41E\Elizabeth\My Backup\LIZ\C\Program Files\AIM\aim.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://get.adobe.com

O15 - Trusted Zone: http://torrent.genesis-movement.org

O15 - Trusted Zone: http://webmail.verizon.net

O15 - Trusted Zone: http://online.wsj.com

O15 - Trusted Zone: www.wsj.com

O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123115290409

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} - http://pak06.pictures.aol.com/ygp/aol/plug...-US.9.2.4.0.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 17572 bytes

Link to post
Share on other sites
Tigger93

Tigger93

Posted
Posted

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Link to post
Share on other sites
brauh01

brauh01

Posted
  • Author
Posted

Well, I was able to download SDFix and save it to my Desktop. Things are have taken a significant turn for the worse. Something called PC Doctor ONCall Real Time Reporting is in the Systray. It runs and reports a signifcant number of problems (more than 100), and encourages me to click on it for some sort of action. This I have not done.

Looks like my I/O drivers have become corrupted. The keyboard seems to be dead. If I hold the F4 key at bootup, the Dell 4550 reports a board failure, yet continues on to start up Windows. If I trick it into booting up and giving me the "which Windows" options, since the keyboard driver doesn't work, I can't key up to Safe mode. Earlier this week, I had no problems with Safe mode and this is the first hardware problem I've encountered. Unplugging and re-connecting the keyboard does nothing. Unplugging and re-connecting the mouse does trip a search for the mouse driver.

Device manager does not report a keyboard, only mice.

Well, how bad is it?

TIA,

Bill

Link to post
Share on other sites
brauh01

brauh01

Posted
  • Author
Posted

Well, as the keyboard was problematic, through a combination of the Recovery Disk and pulling the ribbon to the C drive, I've able to get to the following. Please note these were developed using boot-up with the recovery disk in the cd-rom. I thought I would post these first, then try re-botting without the Recovery CD.

SDFix Log

SDFix: Version 1.240

Run by William Rauh on Sat 02/07/2009 at 09:42 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Name :

TDSSserv.sys

Path :

TDSSserv.sys - Deleted

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-07 22:02:59

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYSTEM32\\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"="C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\\WINDOWS\\SYSTEM32\\dxdiag.exe"="C:\\WINDOWS\\SYSTEM32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"

"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"

"C:\\Program Files\\Abacast\\Abaclient.exe"="C:\\Program Files\\Abacast\\Abaclient.exe:*:Enabled:Abaclient"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"

"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:

Link to post
Share on other sites
brauh01

brauh01

Posted
  • Author
Posted

Rebooted without Recovery Disk. Keyboard now working. PC Doctor OnCall Real Time Reporting shows up as Real in Applications section of Task Manager. I ended the process, then ran HJT. Here is the log file. Once again, thank you.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:29:10 PM, on 2/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\tbctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [MaxBackSchedule] C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Subscribe to this feed - file://C:\Documents and Settings\William Rauh\Application Data\AOL Fanfare\subscribe.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\MSS-01E41E\Elizabeth\My Backup\LIZ\C\Program Files\AIM\aim.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://get.adobe.com

O15 - Trusted Zone: http://torrent.genesis-movement.org

O15 - Trusted Zone: http://webmail.verizon.net

O15 - Trusted Zone: http://online.wsj.com

O15 - Trusted Zone: www.wsj.com

O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/share...83/mcinsctl.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123115290409

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} (IOBIVMUtil.VMDecoder) - https://www36.verizon.com/CallAssistant/MyA...l/VCAVMUtil.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} - http://pak06.pictures.aol.com/ygp/aol/plug...-US.9.2.4.0.cab

O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/share...,20/McGDMgr.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 16192 bytes

Link to post
Share on other sites
Tigger93

Tigger93

Posted
Posted

Open HijackThis and put a check next to these:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - \\MSS-01E41E\Elizabeth\My Backup\LIZ\C\Program Files\AIM\aim.exe (file missing)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

Click Fix Checked and close HJT.

What exactly is PC Doctor showing?

Link to post
Share on other sites
brauh01

brauh01

Posted
  • Author
Posted

PC Doctor would create a pop-up window in the middle of the screen saying there were 100+ problems with the Registry. While I could x out of the window, there was no way to "close" the program. It would stay resident in the Systray. I never clicked through to see where it would take me. I updated CCleaner, ran it, discovered the StartUp entry, removed it, and erase the .exe file in Windows. This seems to have solved the problem.

Thanks for the specific entries to remove. I've removed those.

Things seem to working now. Should I remove the Combo and SD files/folders?

Bill

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept