
Log ~ Malwarebytes automation runtime error



Alright, my OS is Windows XP. Not sure about the service pack, most likely SP2.

Malwarebytes won't install due to a runtime error occurring during the install process. The message says something about 'automation'.

I followed the guidelines and installed that Avira antivirus. My computer reboots whenever I try to run the darned thing, so I gave up.

HijackThis, on the other hand, does work, so I am able to post a log. Also, I am pretty sure my computer has some sort of rootkit on it; I'm just unable to identify it, find it, or destroy it. I need help!!

Thanks~

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:31:43 AM, on 8/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - Default URLSearchHook is missing

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Download Studio Click Monitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERspecialawesome\SUPERSpecialAWESOME.exe

O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694YYCA

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183728307703

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189341932218

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 4531 bytes

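Reading a HijackThis log by hand is mostly pattern matching on a handful of entry types, so here is an added example (not part of the original thread, and not HijackThis code) that encodes the checks a helper applies to the log above: services registered to a missing binary or with no recognised publisher, BHOs whose DLL is gone, start-page, context-menu and ActiveX-download URLs that do not point at Microsoft, and the WinPcap remote packet capture daemon (rpcapd) registered as a service. The sample lines are copied from the posted log, including the forum's "..." truncation; the severity labels and the `microsoft.com` trust list are assumptions of this example, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the entries from the HijackThis log posted
# above, copied as they appear there (including the forum's "..." truncation).
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R3 - Default URLSearchHook is missing
O2 - BHO: Download Studio Click Monitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)")

# Assumption of this example: IE defaults and ActiveX downloads on this XP box
# are expected to come from microsoft.com; any other host is worth a look.
TRUSTED_SUFFIXES = ("microsoft.com",)


@dataclass
class Finding:
    entry: str      # HijackThis entry type, e.g. "O23"
    severity: str   # "review" (needs a human decision) or "info" (orphaned entry)
    reason: str
    line: str


def url_host(text: str) -> Optional[str]:
    """Host of the first http(s) URL in the entry, lower-cased; res:// and file paths give None."""
    m = URL_RE.search(text)
    return m.group(1).lower() if m else None


def is_trusted_host(host: Optional[str]) -> bool:
    return host is not None and any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def triage_line(raw: str) -> Optional[Finding]:
    line = raw.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.groups()
    host = url_host(body)

    if kind in ("R0", "R1") and host and not is_trusted_host(host):
        return Finding(kind, "review", f"IE start/search setting points at {host}; confirm it was set on purpose", line)
    if kind == "R3" and "is missing" in body:
        return Finding(kind, "info", "default IE URLSearchHook entry is absent; not malicious by itself", line)
    if kind == "O2" and body.endswith("(no file)"):
        return Finding(kind, "info", "BHO registered but its DLL is gone; orphaned entry to remove", line)
    if kind == "O8" and host and not is_trusted_host(host):
        return Finding(kind, "review", f"context-menu item calls out to {host}; typical toolbar remnant", line)
    if kind == "O16" and host and not is_trusted_host(host):
        return Finding(kind, "review", f"ActiveX control downloaded from {host}; verify the publisher", line)
    if kind == "O23":
        if body.endswith("(file missing)"):
            return Finding(kind, "info", "service points at a missing binary; orphaned entry to delete", line)
        if "rpcapd" in body.lower():
            return Finding(kind, "review", "WinPcap remote packet capture daemon registered as a service; remove unless remote capture is needed", line)
        if " - Unknown owner - " in body:
            return Finding(kind, "review", "service binary has no recognised publisher; check its signature or hash before trusting it", line)
    return None


def triage(text: str) -> list:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def summary(findings) -> dict:
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE):
        print(f"[{f.severity:6}] {f.entry}: {f.reason}\n         {f.line}")
```

A "review" result is a prompt to look, not a verdict: the Dell support broker in this log is almost certainly legitimate, and HijackThis prints "Unknown owner" whenever the service binary carries no company name, so the check only tells you where to spend verification effort.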

Download GMER Antirootkit here: click on Download EXE and save it to your Desktop.

  • Disconnect from the internet and disable all active protection so your security program's drivers will not conflict with GMER's driver.
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" tab.
  • On the right side, check all the items to be scanned, but leave "Show All" unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into a text file by clicking Edit | Paste or pressing Ctrl+V.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.
  • Open a command prompt (Start | Run, type cmd and hit Enter).
    • Type or paste the following to unload the GMER driver:
    • net stop gmer
    • Hit Enter.
    • Exit the command prompt.
  • Re-enable all active protection.


Alright, I am incredibly frustrated with my computer now:

- I tried to scan using GMER. My computer rebooted as soon as it opened.

- I scanned through Safe Mode; about 15 minutes in, my computer rebooted. Although I remember something about a bunch of files starting with ytas(filename) within the system32 folder.

It really irritates me, and I'm thinking of reformatting my computer, although I'm still not quite sure how to do that either, but I'd prefer not to. Maybe my computer is just getting too old (approximately 8-9 years)?


Seems you have a nasty little bugger on your PC.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2

Link 3


--------------------------------------------------------------------

Double-click on Combo-Fix.exe and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:23:11 PM, on 8/11/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Download Studio Click Monitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERspecialawesome\SUPERSpecialAWESOME.exe

O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694YYCA

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183728307703

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189341932218

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--

End of file - 4269 bytes

---------------------------------------------------------------

COMBO FIX LOG:

ComboFix 09-08-10.06 - Administrator 08/11/2009 16:01.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.510.281 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\839221la.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\FunWebProducts

c:\documents and settings\Administrator\Application Data\FunWebProducts\Data\Administrator\avatar.dat

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\BMc3abc019.txt

c:\windows\BMc3abc019.xml

c:\windows\Installer\1a5a3788.msp

c:\windows\Installer\1a5a3789.msp

c:\windows\Installer\1a5a378a.msp

c:\windows\Installer\1a5a378b.msp

c:\windows\Installer\1a5a378c.msp

c:\windows\Installer\1a5a378d.msp

c:\windows\Installer\1a5a378e.msp

c:\windows\Installer\1a5a378f.msp

c:\windows\Installer\1a5a3790.msp

c:\windows\run.log

c:\windows\system32\Data

c:\windows\system32\drivers\fad.sys

c:\windows\system32\drivers\ytasfwcbitfkqp.sys

c:\windows\system32\mcrh.tmp

c:\windows\system32\regedit.exe

c:\windows\system32\UACxddvrsyoue.dll

c:\windows\system32\ytasfwnijrvdyi.dat

c:\windows\system32\ytasfwvnylqerf.dat

c:\windows\system32\ytasfwysdujeyr.dll

c:\windows\system32\ytasfwyxjbogrr.dll

And those are the logs :( I'm glad at least something worked without reboot.


Oh... I hadn't realized that there was more... Sorry about that.

.

ComboFix 09-08-10.06 - Administrator 08/11/2009 16:01.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.510.281 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\839221la.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Application Data\FunWebProducts

c:\documents and settings\Administrator\Application Data\FunWebProducts\Data\Administrator\avatar.dat

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\BMc3abc019.txt

c:\windows\BMc3abc019.xml

c:\windows\Installer\1a5a3788.msp

c:\windows\Installer\1a5a3789.msp

c:\windows\Installer\1a5a378a.msp

c:\windows\Installer\1a5a378b.msp

c:\windows\Installer\1a5a378c.msp

c:\windows\Installer\1a5a378d.msp

c:\windows\Installer\1a5a378e.msp

c:\windows\Installer\1a5a378f.msp

c:\windows\Installer\1a5a3790.msp

c:\windows\run.log

c:\windows\system32\Data

c:\windows\system32\drivers\fad.sys

c:\windows\system32\drivers\ytasfwcbitfkqp.sys

c:\windows\system32\mcrh.tmp

c:\windows\system32\regedit.exe

c:\windows\system32\UACxddvrsyoue.dll

c:\windows\system32\ytasfwnijrvdyi.dat

c:\windows\system32\ytasfwvnylqerf.dat

c:\windows\system32\ytasfwysdujeyr.dll

c:\windows\system32\ytasfwyxjbogrr.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ytasfwttklfhxo

-------\Legacy_ytasfwttklfhxo

((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))

.

2009-08-11 19:51 . 2003-07-16 20:43 134144 ----a-w- c:\windows\regedit.exe

2009-08-11 19:50 . 2009-08-11 19:51 -------- d-s---w- C:\839La1la

2009-08-11 19:47 . 2009-08-11 19:47 -------- d-s---w- C:\839Lala

2009-08-11 19:40 . 2009-08-11 19:41 -------- d-s---w- C:\Mylifeinabox

2009-08-09 06:33 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-09 06:33 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-08-09 06:33 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-08-09 06:33 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-08-09 06:33 . 2009-08-09 06:33 -------- d-----w- c:\program files\Avira

2009-08-09 06:33 . 2009-08-09 06:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira

2009-07-26 03:59 . 2009-08-11 05:42 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-07-26 03:58 . 2009-07-26 03:58 -------- d-----w- c:\program files\SUPERspecialawesome

2009-07-24 23:38 . 2009-07-24 23:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-07-24 23:32 . 2009-07-24 23:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET

2009-07-24 23:31 . 2009-07-24 23:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ESET

2009-07-24 04:05 . 2009-07-24 04:05 310 ----a-w- c:\windows\system32\UACeqdgvsbpbc.dat

2009-07-23 19:01 . 2009-07-27 23:02 -------- d-----w- c:\program files\StarCraft

2009-07-22 17:15 . 2009-07-23 19:05 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-07-21 02:40 . 2009-07-21 02:40 -------- d-----w- c:\program files\WiFiConnector

2009-07-21 02:32 . 2006-04-10 18:02 162816 ----a-w- c:\windows\system32\drivers\RT25USBAP.SYS

2009-07-18 06:16 . 2009-08-05 03:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2009-07-14 22:01 . 2009-07-14 22:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Shoddy Battle

2009-07-13 01:29 . 2009-07-16 22:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-03 00:23 . 2007-12-26 20:18 -------- d-----w- c:\program files\QuickTime

2009-08-03 00:21 . 2008-02-21 22:58 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-29 18:01 . 2009-07-03 20:18 -------- d-----w- c:\program files\Nexon

2009-07-26 03:57 . 2008-07-23 22:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-26 03:41 . 2009-06-25 01:21 84264 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-07-25 00:46 . 2008-07-04 01:16 -------- d-----w- c:\program files\Inkscape

2009-07-25 00:43 . 2007-07-30 17:22 -------- d-----w- c:\program files\DirectX

2009-07-24 23:40 . 2007-09-02 02:05 -------- d-----w- c:\program files\MSN Messenger

2009-07-24 04:02 . 2007-07-06 12:10 90112 ----a-w- c:\windows\DUMP4621.tmp

2009-07-24 04:02 . 2008-07-23 16:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec

2009-07-24 04:02 . 2007-07-10 11:59 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-17 16:07 . 2009-02-27 01:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent

2009-07-03 20:20 . 2009-07-03 20:20 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe1_193428D8940D435188F60AFA7D1E3CB8.exe

2009-07-03 20:20 . 2009-07-03 20:20 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe_193428D8940D435188F60AFA7D1E3CB8.exe

2009-07-03 20:20 . 2009-07-03 20:20 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\ARPPRODUCTICON.exe

2009-07-03 19:00 . 2009-07-03 18:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files

2009-07-03 18:48 . 2007-07-30 17:51 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys

2009-06-30 04:23 . 2009-06-30 04:23 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Conceiva

2009-06-30 04:23 . 2009-06-30 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Conceiva

2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\WinPcap

2009-06-30 04:21 . 2009-06-30 04:21 -------- d-----w- c:\program files\Conceiva

2009-06-30 04:21 . 2007-07-06 12:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-30 04:20 . 2009-06-30 04:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield

2009-06-26 00:26 . 2009-05-24 06:42 -------- d-----w- c:\program files\Finale NotePad 2009

2009-06-25 05:07 . 2009-06-25 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\RoboForm

2009-06-21 19:48 . 2009-06-21 19:48 -------- d-----w- c:\program files\Persona

2009-05-25 21:02 . 2007-07-06 12:11 84432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-15 00:56 . 2009-05-15 00:56 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll

2009-05-15 00:56 . 2009-05-15 00:56 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll

2009-05-15 00:56 . 2009-05-15 00:56 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll

2009-05-15 00:56 . 2009-05-15 00:56 207872 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll

2009-05-14 20:06 . 2004-08-04 04:56 33280 ----a-w- c:\windows\system32\rundll32.exe

2008-07-22 23:34 . 2008-07-22 23:34 50960 ----a-w- c:\program files\Notepad.exe

2003-03-21 17:45 . 2007-09-11 23:33 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERspecialawesome\SUPERSpecialAWESOME.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\

Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-7-20 1175552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERspecialawesome\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Persona\\Persona.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58895:TCP"= 58895:TCP:Pando Media Booster

"58895:UDP"= 58895:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERspecialawesome\sasdifsv.sys [5/26/2009 10:05 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERspecialawesome\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/9/2009 2:33 AM 108289]

S3 IOIDDEV;IOIDDEV;\??\c:\program files\SurvivalProject\config\ioid.sys --> c:\program files\SurvivalProject\config\ioid.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]

S3 SASENUM;SASENUM;c:\program files\SUPERspecialawesome\SASENUM.SYS [5/26/2009 10:05 AM 7408]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694YYCA

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\j835byhx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca

FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-11 16:17

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-08-11 16:20

ComboFix-quarantined-files.txt 2009-08-11 20:20

Pre-Run: 14,403,768,320 bytes free

Post-Run: 15,063,769,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

185 --- E O F --- 2008-03-21 07:02

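The ComboFix log above carries two things worth pulling out automatically rather than by eye: the cluster of randomly named ytasfw* files and the matching ytasfw* service that the poster had already noticed in system32, and the registry state recorded under "Reg Loading Points", where Security Center monitoring is switched off (`DisableMonitoring=1`), the Windows Firewall is disabled for the standard profile (`EnableFirewall=0`) and a port is globally opened. This added example (not from the thread, ComboFix or Malwarebytes) parses a constructed excerpt of that log, groups deleted file and service names by shared prefix, and reports the weakened settings. The prefix length, minimum name length and cluster size are assumptions chosen to fit the naming pattern in this particular log, not a general signature.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt: lines copied from the ComboFix log posted above, cut down
# to the three sections the rules below read.
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\drivers\ytasfwcbitfkqp.sys
c:\windows\system32\regedit.exe
c:\windows\system32\UACxddvrsyoue.dll
c:\windows\system32\ytasfwnijrvdyi.dat
c:\windows\system32\ytasfwvnylqerf.dat
c:\windows\system32\ytasfwysdujeyr.dll
c:\windows\system32\ytasfwyxjbogrr.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_ytasfwttklfhxo
-------\Legacy_ytasfwttklfhxo
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58895:TCP"= 58895:TCP:Pando Media Booster
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # ((((( Section Name )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=value


@dataclass
class Finding:
    rule: str
    key: str
    detail: str


def split_sections(text):
    """Map each ComboFix section title to the non-empty lines beneath it."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def bare_name(path):
    """Last path component without extension and without ComboFix's Service_/Legacy_ prefix."""
    name = path.rsplit("\\", 1)[-1]
    for prefix in ("Service_", "Legacy_"):
        if name.startswith(prefix):
            name = name[len(prefix):]
    return name.rsplit(".", 1)[0]


def random_name_clusters(sections, prefix_len=6, min_len=12, min_size=3):
    """Group long, letters-only names by their first prefix_len characters (assumed thresholds)."""
    groups = defaultdict(set)
    for section in ("Other Deletions", "Drivers/Services"):
        for line in sections.get(section, []):
            stem = bare_name(line)
            if len(stem) >= min_len and stem.isalpha():
                groups[stem[:prefix_len].lower()].add(stem)
    return {p: sorted(names) for p, names in groups.items() if len(names) >= min_size}


def parse_value(raw):
    """dword:00000001 -> 1, ' 0 (0x0)' -> 0, anything else returned as text."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group(0)) if m else raw


def registry_findings(sections):
    """Walk the REGEDIT4 dump and report settings that weaken the host's own defences."""
    findings = []
    key = None
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if key is None or vm is None:
            continue
        name, raw = vm.groups()
        value = parse_value(raw)
        lkey = key.lower()
        if "security center\\monitoring" in lkey and name == "DisableMonitoring" and value == 1:
            findings.append(Finding("security_center_monitoring_disabled", key,
                                    "Security Center will not alert on AV/firewall state"))
        elif lkey.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
            findings.append(Finding("firewall_disabled", key, "Windows Firewall is off for the standard profile"))
        elif lkey.endswith("globallyopenports\\list"):
            findings.append(Finding("open_port", key, f"{name} opened for {raw.split(':')[-1]}"))
    return findings


if __name__ == "__main__":
    secs = split_sections(COMBOFIX_EXCERPT)
    print(random_name_clusters(secs))
    print(*registry_findings(secs), sep="\n")
```

The prefix grouping is deliberately dumb: it finds six names sharing "ytasfw" because that is what this log contains, and a single long random name (the UAC* DLL) stays below the cluster threshold. The registry checks are the more durable part: a box whose Security Center monitoring is disabled and whose firewall is off will not warn its owner about either condition, which is why those keys are worth reading on every ComboFix log regardless of what was deleted.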

Please download a fresh copy of ComboFix

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouse-click ComboFix's window while it's running; that may cause it to stall.


ComboFix 09-08-10.06 - Administrator 08/17/2009 3:08.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.510.306 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\Sunnydays.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\msagent\agentsvr.exe was found and disinfected

Restored copy from - c:\windows\$hf_mig$\KB920213\SP2QFE\agentsvr.exe

.

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))

.

2009-08-12 05:19 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-12 05:19 . 2009-08-12 05:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes

2009-08-12 05:19 . 2009-08-14 22:12 -------- d-----w- c:\program files\MShizzle

2009-08-12 05:19 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-11 19:51 . 2003-07-16 20:43 134144 ----a-w- c:\windows\regedit.exe

2009-08-11 19:50 . 2009-08-11 19:51 -------- d-s---w- C:\839La1la

2009-08-11 19:47 . 2009-08-11 19:47 -------- d-s---w- C:\839Lala

2009-08-11 19:40 . 2009-08-11 19:41 -------- d-s---w- C:\Mylifeinabox

2009-08-09 06:33 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-26 03:59 . 2009-08-17 07:19 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-07-26 03:58 . 2009-07-26 03:58 -------- d-----w- c:\program files\SUPERspecialawesome

2009-07-24 23:38 . 2009-07-24 23:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-07-24 23:32 . 2009-07-24 23:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET

2009-07-24 23:31 . 2009-07-24 23:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ESET

2009-07-24 04:05 . 2009-07-24 04:05 310 ----a-w- c:\windows\system32\UACeqdgvsbpbc.dat

2009-07-23 19:01 . 2009-07-27 23:02 -------- d-----w- c:\program files\StarCraft

2009-07-22 17:15 . 2009-07-23 19:05 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-07-21 02:40 . 2009-07-21 02:40 -------- d-----w- c:\program files\WiFiConnector

2009-07-21 02:32 . 2006-04-10 18:02 162816 ----a-w- c:\windows\system32\drivers\RT25USBAP.SYS

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 16:28 . 2009-07-03 20:18 -------- d-----w- c:\program files\Nexon

2009-08-03 00:23 . 2007-12-26 20:18 -------- d-----w- c:\program files\QuickTime

2009-08-03 00:21 . 2008-02-21 22:58 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-26 03:57 . 2008-07-23 22:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-26 03:41 . 2009-06-25 01:21 84264 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-07-25 00:46 . 2008-07-04 01:16 -------- d-----w- c:\program files\Inkscape

2009-07-25 00:43 . 2007-07-30 17:22 -------- d-----w- c:\program files\DirectX

2009-07-24 23:40 . 2007-09-02 02:05 -------- d-----w- c:\program files\MSN Messenger

2009-07-24 04:02 . 2007-07-06 12:10 90112 ----a-w- c:\windows\DUMP4621.tmp

2009-07-24 04:02 . 2008-07-23 16:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec

2009-07-24 04:02 . 2007-07-10 11:59 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-17 16:07 . 2009-02-27 01:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent

2009-07-16 22:12 . 2009-07-13 01:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc

2009-07-03 20:20 . 2009-07-03 20:20 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe1_193428D8940D435188F60AFA7D1E3CB8.exe

2009-07-03 20:20 . 2009-07-03 20:20 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe_193428D8940D435188F60AFA7D1E3CB8.exe

2009-07-03 20:20 . 2009-07-03 20:20 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\ARPPRODUCTICON.exe

2009-07-03 19:00 . 2009-07-03 18:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files

2009-07-03 18:48 . 2007-07-30 17:51 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys

2009-06-30 04:23 . 2009-06-30 04:23 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Conceiva

2009-06-30 04:23 . 2009-06-30 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Conceiva

2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\WinPcap

2009-06-30 04:21 . 2009-06-30 04:21 -------- d-----w- c:\program files\Conceiva

2009-06-30 04:21 . 2007-07-06 12:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-30 04:20 . 2009-06-30 04:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield

2009-06-26 00:26 . 2009-05-24 06:42 -------- d-----w- c:\program files\Finale NotePad 2009

2009-06-25 05:07 . 2009-06-25 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\RoboForm

2009-06-21 19:48 . 2009-06-21 19:48 -------- d-----w- c:\program files\Persona

2009-05-25 21:02 . 2007-07-06 12:11 84432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-07-22 23:34 . 2008-07-22 23:34 50960 ----a-w- c:\program files\Notepad.exe

2003-03-21 17:45 . 2007-09-11 23:33 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERspecialawesome\SUPERSpecialAWESOME.exe" [2009-05-26 1830128]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-07-24 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\

Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2009-7-20 1175552]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERspecialawesome\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Persona\\Persona.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58895:TCP"= 58895:TCP:Pando Media Booster

"58895:UDP"= 58895:UDP:Pando Media Booster

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERspecialawesome\sasdifsv.sys [5/26/2009 10:05 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERspecialawesome\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]

R3 SASENUM;SASENUM;c:\program files\SUPERspecialawesome\SASENUM.SYS [5/26/2009 10:05 AM 7408]

S3 IOIDDEV;IOIDDEV;\??\c:\program files\SurvivalProject\config\ioid.sys --> c:\program files\SurvivalProject\config\ioid.sys [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694YYCA

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\j835byhx.default\

FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-17 03:19

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2009-08-17 3:25 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-17 07:25

ComboFix2.txt 2009-08-11 20:20

Pre-Run: 15,165,534,208 bytes free

Post-Run: 15,191,437,312 bytes free

138 --- E O F --- 2008-03-21 07:02

Sorry for a somewhat late reply, my internet stopped working for a while.


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:22:47 PM, on 8/17/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\ManualPatcherv74.exe

C:\Program Files\MShizzle\mbam.exe

C:\Documents and Settings\Administrator\Desktop\ry9wwv9d.exe

C:\Program Files\Trend Micro\HijackThis\AntiDisestablishmentarianism.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Download Studio Click Monitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\MShizzle\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERspecialawesome\SUPERSpecialAWESOME.exe

O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm694YYCA

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183728307703

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189341932218

O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--

End of file - 4257 bytes
