Thread: XP 2010 Antivirus crap

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    29

    My apologies for running a fix prior.

    ComboFix 10-02-23.04 - JJB 02/23/2010 23:34:49.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.202 [GMT -8:00]
    Running from: c:\documents and settings\JJB\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\crt.dat
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Legacy_OREANS32
    -------\Service_oreans32


    ((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
    .

    2010-02-24 07:19 . 2010-02-24 07:20 -------- d-----w- c:\program files\ERUNT
    2010-02-24 05:52 . 2010-02-24 05:52 -------- d-----w- c:\program files\Trend Micro
    2010-02-24 05:21 . 2010-02-24 05:21 -------- d-----w- c:\documents and settings\JJB\Application Data\Malwarebytes
    2010-02-24 05:21 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-24 05:21 . 2010-02-24 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-02-24 05:21 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-24 05:21 . 2010-02-24 05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-23 09:17 . 2010-02-23 09:18 -------- d-----w- c:\program files\Medieval CUE Splitter
    2010-02-20 10:35 . 2010-02-20 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2010-02-20 10:32 . 2010-02-20 10:32 -------- d-----w- c:\windows\Downloaded Installations
    2010-02-20 10:01 . 2010-02-20 10:01 -------- d-----w- C:\THM
    2010-02-20 04:46 . 2010-02-20 04:46 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-02-20 01:21 . 2010-02-23 08:11 -------- d-----w- c:\program files\mp3DirectCut
    2010-02-19 23:20 . 2008-11-19 17:41 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
    2010-02-19 22:35 . 2010-02-19 22:35 -------- d-----w- c:\documents and settings\JJB\Application Data\GetGo Software
    2010-02-19 22:33 . 2010-02-19 22:33 -------- d-----w- c:\program files\GetGo Software
    2010-02-15 19:16 . 2010-02-15 19:16 -------- d-----w- c:\program files\nicmp4
    2010-02-11 11:36 . 2010-02-11 11:55 -------- d-----w- C:\92daae41f6266307aa34e3
    2010-01-29 02:53 . 2010-01-29 02:53 -------- d-----w- c:\documents and settings\JJB\Application Data\Facebook

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-24 07:23 . 2009-11-06 03:23 0 ----a-w- c:\documents and settings\JJB\Local Settings\Application Data\prvlcl.dat
    2010-02-23 11:21 . 2010-01-08 19:46 579696 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-02-22 07:39 . 2009-05-04 05:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-22 00:29 . 2009-09-24 07:11 -------- d-----w- c:\documents and settings\JJB\Application Data\BitTorrent
    2010-02-20 04:49 . 2009-07-29 19:43 -------- d-----w- c:\program files\Winnydows
    2010-02-20 03:55 . 2009-05-14 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
    2010-02-19 22:21 . 2009-10-24 07:50 -------- d-----w- c:\documents and settings\JJB\Application Data\Orbit
    2010-02-17 03:09 . 2009-05-08 21:26 -------- d-----w- c:\documents and settings\JJB\Application Data\FMZilla
    2010-01-29 02:53 . 2010-01-29 02:53 50354 ----a-w- c:\documents and settings\JJB\Application Data\Facebook\uninstall.exe
    2010-01-27 03:21 . 2010-01-27 03:21 847040 ----a-w- c:\documents and settings\JJB\Application Data\Facebook\axfbootloader.dll
    2010-01-27 03:20 . 2010-01-27 03:20 5578752 ----a-w- c:\documents and settings\JJB\Application Data\Facebook\npfbplugin_1_0_1.dll
    2010-01-19 08:46 . 2010-01-19 08:46 -------- d-----w- c:\program files\MSXML 4.0
    2010-01-18 17:53 . 2009-05-04 06:57 31768 ----a-w- c:\documents and settings\JJB\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-18 17:53 . 2010-01-18 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
    2010-01-18 17:42 . 2010-01-18 17:42 -------- d-----w- c:\program files\Common Files\Yahoo!
    2010-01-18 17:42 . 2010-01-18 17:42 -------- d-----w- c:\program files\Pinnacle
    2010-01-18 17:32 . 2010-01-18 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2010-01-18 16:53 . 2010-01-18 16:53 -------- d-----w- c:\program files\Corel
    2010-01-18 16:20 . 2010-01-18 16:20 286720 ------w- c:\windows\Setup1.exe
    2010-01-18 16:20 . 2010-01-18 16:20 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-01-18 01:03 . 2009-06-26 21:50 -------- d-----w- c:\program files\Google
    2010-01-17 22:52 . 2010-01-17 22:49 -------- d-----w- c:\documents and settings\JJB\Application Data\avidemux
    2009-12-31 23:41 . 2009-12-31 23:41 -------- d-----w- c:\documents and settings\JJB\Application Data\FFSJ
    2009-12-31 23:38 . 2009-12-31 23:38 4022 ----a-w- c:\windows\unins000.dat
    2009-12-31 23:38 . 2009-12-31 23:38 794906 ----a-w- c:\windows\unins000.exe
    2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-20 21:54 . 2009-12-20 21:54 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-12-16 18:43 . 2009-05-04 05:14 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-15 19:14 . 2009-06-19 18:16 22708 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:27 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-04 19:38 . 2009-05-04 06:45 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-04 19:38 . 2009-05-04 06:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-04 19:37 . 2009-05-04 06:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

    c:\documents and settings\JJB\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-12-04 19:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk
    backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-05-16 18:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPlayer2_FixUp]
    2007-06-27 05:10 317440 ----a-w- c:\windows\inf\unregmp2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-04 07:53 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "<NO NAME>"=

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/25/2009 12:35 AM 717296]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/3/2009 10:45 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/3/2009 10:45 PM 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/4/2009 11:36 AM 285392]
    R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [11/10/2009 9:07 PM 53307]
    R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2/19/2010 3:20 PM 16640]
    S0 cdemi;cdemi; [x]
    S2 gupdate1c9f6a858dbaca0;Google Update Service (gupdate1c9f6a858dbaca0);c:\program files\Google\Update\GoogleUpdate.exe [6/26/2009 1:51 PM 133104]
    S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [5/11/2009 10:48 PM 299904]
    S3 qcmdmxp;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\drivers\qcmdmxp.sys [12/27/2006 5:38 PM 92800]
    S3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\drivers\qcserxp.sys [7/18/2009 7:35 PM 92800]
    S3 sctdisk;sctdisk;\??\c:\windows\system32\sctdisk.sys --> c:\windows\system32\sctdisk.sys [?]
    S3 ZD1211U(Hawking Technologies);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking Technologies);c:\windows\system32\drivers\ZD1211U.sys [5/3/2009 9:31 PM 247296]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 21:50]

    2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 21:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=14986&l=dis
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\JJB\Application Data\Mozilla\Firefox\Profiles\7q1yr8ke.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://www.facebook.com/#!/jjbjjjjj?ref=profile|http://www.google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - prefs.js: network.proxy.http - 94.154.216.17:808
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\JJB\Application Data\Mozilla\Firefox\Profiles\7q1yr8ke.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\JJB\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    AddRemove-VobSub - e:\vobsub\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-23 23:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spef.sys >>UNKNOWN [0x82391938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf857bf28
    \Driver\ACPI -> ACPI.sys @ 0xf83d6cb8
    \Driver\atapi -> atapi.sys @ 0xf8391b40
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf829abb0
    PacketIndicateHandler -> NDIS.sys @ 0xf8289a0d
    SendHandler -> NDIS.sys @ 0xf829db40
    user & kernel MBR OK
    malicious code @ sector 0x6a546e0 size 0x1c2 !
    PE file found in sector at 0x06A546E0 !

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3316)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
    c:\progra~1\MICROS~3\rapimgr.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-02-23 23:54:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-24 07:54

    Pre-Run: 32,992,825,344 bytes free
    Post-Run: 32,889,237,504 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 9C12FC96C30C56820A8F40582C2562E9


    ================end of comb beg of hjt===============


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:37 PM, on 2/23/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14986&l=dis
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9f6a858dbaca0) (gupdate1c9f6a858dbaca0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 5401 bytes
    ------------------------------------
    http://forums.spybot.info/showthread...092#post310092

  2. #2
    Junior Member
    Join Date
    Jan 2009
    Posts
    29

    slsk deleted now too

  3. #3
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    32,545

    Hi bjorning,

    Posting to your own topic removed the zero response helpers look for.

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Also,
    Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

    If you have waited four days or longer for assistance, please start a topic in this sub-forum and post with a link back to your topic in the HJT forum, so that we know who you are and your topic is not archived.
    As this thread was started Feb 24th, 2010 and it is now March, if you still need assistance please start a new topic.

    Best regards.
    Microsoft MVP. Consumer Security 2006-2014

