Log for virus
orcmeister
2007-10-21, 14:10
I have performed the log for my virus, but it is too long (89000 characters). What should I do?
orcmeister
2007-10-23, 04:34
I followed your steps and my first log is much too long to try and post, but here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:10 PM, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wauservice.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\nokia6600\connmngmntbox.exe
D:\nokia6600\ectaskscheduler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\NOKIA6~2\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\NOKIA6~2\BROADC~1.EXE
D:\NOKIA6~2\SCRFS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;<local>;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: STOPzilla.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 11858 bytes
Hi :)
Please post the log in 2 or 3 parts. You could also attach the file to your message.
orcmeister
2007-10-23, 23:01
Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:49 PM, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wauservice.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\nokia6600\connmngmntbox.exe
D:\nokia6600\ectaskscheduler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\NOKIA6~2\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\NOKIA6~2\BROADC~1.EXE
D:\NOKIA6~2\SCRFS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Warcraft III\Maps\Downloads\W3XMapHack12102.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.;<local>;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: STOPzilla.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 11611 bytes
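As an added example (not from this thread, and not part of HijackThis or SDFix), a small Python triage script for HijackThis v2 log lines like the ones posted above. It feeds an excerpt of that log in as sample input and flags the properties a helper checks by hand: entries whose backing file is missing, Run entries naming a bare executable with no path, startup shortcuts with an unresolved target, IE search/start values pointing at a non-Microsoft host (go.microsoft.com is the default visible in the HKLM lines), and services with an unknown owner; a flag means "review", not "malicious".

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Sample input: an excerpt of the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O9 - Extra button: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HJT entry is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O4 autorun entries under a registry Run key (hive may carry a SID, as in HKUS\S-1-5-18).
RUN_RE = re.compile(r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 shortcut entries from the (Global) Startup folder; HJT prints "?" when the target is unresolved.
STARTUP_RE = re.compile(r"^(?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")
# R0/R1 Internet Explorer start/search values.
IE_RE = re.compile(r"^(?P<hive>HK\w+)\\Software\\Microsoft\\Internet Explorer\\(?P<key>[^=]+?) = (?P<value>.*)$")

MISSING_MARKERS = ("(no file)", "(file missing)")
MICROSOFT_DEFAULT_HOSTS = {"go.microsoft.com"}  # the HKLM defaults in the posted log point here


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_name(exe: str) -> bool:
    """True when the command names a file with no directory, so Windows resolves it via the search path."""
    return bool(exe) and "\\" not in exe and not exe.startswith("%")


def triage_line(line: str):
    """Parse one HJT line; return an Entry (possibly with flags) or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["code"], m["body"])
    body = entry.body
    if any(marker in body for marker in MISSING_MARKERS):
        entry.flags.append("orphan: registry entry has no backing file")
    if entry.code in ("R0", "R1"):
        ie = IE_RE.match(body)
        if ie and ie["value"].lower().startswith("http"):
            host = urlsplit(ie["value"]).hostname or ""
            if host not in MICROSOFT_DEFAULT_HOSTS:
                entry.flags.append(f"third-party IE {ie['key'].split(',')[-1]}: {host}")
    elif entry.code == "O4":
        run = RUN_RE.match(body)
        startup = STARTUP_RE.match(body)
        if run and is_bare_name(executable_of(run["cmd"])):
            entry.flags.append(f"bare executable name in {run['hive']}\\{run['key']}: {executable_of(run['cmd'])}")
        elif startup and startup["target"].strip() == "?":
            entry.flags.append("startup shortcut with unresolved target")
    elif entry.code == "O23" and "- Unknown owner -" in body:
        entry.flags.append("service with unknown owner")
    return entry


def triage_log(text: str):
    """Return only the entries that picked up at least one flag, in log order."""
    entries = (triage_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e.code, "|", e.body[:72])
        for flag in e.flags:
            print("    ->", flag)
```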
orcmeister
2007-10-24, 03:42
The report is way too big for an attachment. I tried zipping it, and in PDF it's too big for this forum.
Hi :)
OK, please upload the Kaspersky log to rapidshare (http://rapidshare.com/).
Then just post the link to your log to me :bigthumb:
orcmeister
2007-10-24, 23:05
Here is the link to my report. Thanks for the help!!!
http://rapidshare.com/files/64920053/kaspersky_report.txt.html
Hi :)
We'll continue...
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
orcmeister
2007-10-26, 00:46
SDFix: Version 1.112
Run by Thomas on 25/10/2007 at 02:02 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\CEP111.TMP - Deleted
C:\CEP14.TMP - Deleted
C:\CEP1B.TMP - Deleted
C:\CEP23.TMP - Deleted
C:\CEP72.TMP - Deleted
C:\CEPB.TMP - Deleted
C:\CEPBA.TMP - Deleted
C:\CEPD2.TMP - Deleted
C:\~GLHTTP1.TMP - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"D:\\MOHAA\\moh_spearhead.exe"="D:\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\MOHAA\\moh_Breakthrough.exe"="D:\\MOHAA\\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"D:\\WoW\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="D:\\WoW\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\WoW\\World of Warcraft\\BackgroundDownloader.exe"="D:\\WoW\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"D:\\WoW\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="D:\\WoW\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\SpywareBot\\Quarantine\\06-01-2007-11-07-22\\10030.qit\\LimeWire.exe"="C:\\Program Files\\SpywareBot\\Quarantine\\06-01-2007-11-07-22\\10030.qit\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"="C:\\Program Files\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sun 11 Jan 2004 18 A..H. --- "C:\WINDOWS\system32\ln32k.DLL"
Sat 20 Oct 2007 51,712 ..SHR --- "C:\WINDOWS\system32\wauservice.exe"
Thu 28 Apr 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 25 Oct 2004 20,992 A..H. --- "C:\Documents and Settings\Thomas\My Documents\~WRL0479.tmp"
Tue 3 Aug 2004 53,248 A.SHR --- "C:\WINDOWS\system32\drivers\1394bus.sys"
Tue 3 Aug 2004 187,776 A.SHR --- "C:\WINDOWS\system32\drivers\acpi.sys"
Thu 29 Aug 2002 11,648 A.SHR --- "C:\WINDOWS\system32\drivers\acpiec.sys"
Wed 4 Aug 2004 4,255 ..SHR --- "C:\WINDOWS\system32\drivers\adv01nt5.dll"
Wed 4 Aug 2004 3,967 ..SHR --- "C:\WINDOWS\system32\drivers\adv02nt5.dll"
Wed 4 Aug 2004 3,615 ..SHR --- "C:\WINDOWS\system32\drivers\adv05nt5.dll"
Wed 4 Aug 2004 3,647 ..SHR --- "C:\WINDOWS\system32\drivers\adv07nt5.dll"
Wed 4 Aug 2004 3,135 ..SHR --- "C:\WINDOWS\system32\drivers\adv08nt5.dll"
Wed 4 Aug 2004 3,711 ..SHR --- "C:\WINDOWS\system32\drivers\adv09nt5.dll"
Wed 4 Aug 2004 3,775 ..SHR --- "C:\WINDOWS\system32\drivers\adv11nt5.dll"
Tue 14 Feb 2006 142,464 A.SHR --- "C:\WINDOWS\system32\drivers\aec.sys"
Tue 3 Aug 2004 138,496 A.SHR --- "C:\WINDOWS\system32\drivers\afd.sys"
Tue 3 Aug 2004 42,368 ..SHR --- "C:\WINDOWS\system32\drivers\agp440.sys"
Tue 3 Aug 2004 44,928 ..SHR --- "C:\WINDOWS\system32\drivers\agpcpq.sys"
Tue 3 Aug 2004 42,752 ..SHR --- "C:\WINDOWS\system32\drivers\alim1541.sys"
Tue 3 Aug 2004 43,008 ..SHR --- "C:\WINDOWS\system32\drivers\amdagp.sys"
Tue 3 Aug 2004 36,992 A.SHR --- "C:\WINDOWS\system32\drivers\amdk6.sys"
Tue 3 Aug 2004 37,376 A.SHR --- "C:\WINDOWS\system32\drivers\amdk7.sys"
Tue 3 Aug 2004 60,800 A.SHR --- "C:\WINDOWS\system32\drivers\arp1394.sys"
Tue 3 Aug 2004 14,336 A.SHR --- "C:\WINDOWS\system32\drivers\asyncmac.sys"
Tue 3 Aug 2004 95,360 A.SHR --- "C:\WINDOWS\system32\drivers\atapi.sys"
Tue 3 Aug 2004 56,623 ..SHR --- "C:\WINDOWS\system32\drivers\ati1btxx.sys"
Tue 3 Aug 2004 11,615 ..SHR --- "C:\WINDOWS\system32\drivers\ati1mdxx.sys"
Tue 3 Aug 2004 12,047 ..SHR --- "C:\WINDOWS\system32\drivers\ati1pdxx.sys"
Tue 3 Aug 2004 30,671 ..SHR --- "C:\WINDOWS\system32\drivers\ati1raxx.sys"
Tue 3 Aug 2004 63,663 ..SHR --- "C:\WINDOWS\system32\drivers\ati1rvxx.sys"
Tue 3 Aug 2004 26,367 ..SHR --- "C:\WINDOWS\system32\drivers\ati1snxx.sys"
Tue 3 Aug 2004 21,343 ..SHR --- "C:\WINDOWS\system32\drivers\ati1ttxx.sys"
Tue 3 Aug 2004 36,463 ..SHR --- "C:\WINDOWS\system32\drivers\ati1tuxx.sys"
Tue 3 Aug 2004 29,455 ..SHR --- "C:\WINDOWS\system32\drivers\ati1xbxx.sys"
Tue 3 Aug 2004 34,735 ..SHR --- "C:\WINDOWS\system32\drivers\ati1xsxx.sys"
Tue 3 Aug 2004 327,040 ..SHR --- "C:\WINDOWS\system32\drivers\ati2mtaa.sys"
Tue 3 Aug 2004 701,440 ..SHR --- "C:\WINDOWS\system32\drivers\ati2mtag.sys"
Tue 3 Aug 2004 57,856 ..SHR --- "C:\WINDOWS\system32\drivers\atinbtxx.sys"
Tue 3 Aug 2004 13,824 ..SHR --- "C:\WINDOWS\system32\drivers\atinmdxx.sys"
Tue 3 Aug 2004 14,336 ..SHR --- "C:\WINDOWS\system32\drivers\atinpdxx.sys"
Tue 3 Aug 2004 52,224 ..SHR --- "C:\WINDOWS\system32\drivers\atinraxx.sys"
Tue 3 Aug 2004 104,960 ..SHR --- "C:\WINDOWS\system32\drivers\atinrvxx.sys"
Tue 3 Aug 2004 28,672 ..SHR --- "C:\WINDOWS\system32\drivers\atinsnxx.sys"
Tue 3 Aug 2004 13,824 ..SHR --- "C:\WINDOWS\system32\drivers\atinttxx.sys"
Tue 3 Aug 2004 73,216 ..SHR --- "C:\WINDOWS\system32\drivers\atintuxx.sys"
Tue 3 Aug 2004 31,744 ..SHR --- "C:\WINDOWS\system32\drivers\atinxbxx.sys"
Tue 3 Aug 2004 63,488 ..SHR --- "C:\WINDOWS\system32\drivers\atinxsxx.sys"
Tue 3 Aug 2004 59,904 A.SHR --- "C:\WINDOWS\system32\drivers\atmarpc.sys"
Thu 29 Aug 2002 31,360 A.SHR --- "C:\WINDOWS\system32\drivers\atmepvc.sys"
Tue 3 Aug 2004 55,936 A.SHR --- "C:\WINDOWS\system32\drivers\atmlane.sys"
Thu 29 Aug 2002 352,256 A.SHR --- "C:\WINDOWS\system32\drivers\atmuni.sys"
Wed 4 Aug 2004 21,183 ..SHR --- "C:\WINDOWS\system32\drivers\atv01nt5.dll"
Wed 4 Aug 2004 11,359 ..SHR --- "C:\WINDOWS\system32\drivers\atv02nt5.dll"
Wed 4 Aug 2004 25,471 ..SHR --- "C:\WINDOWS\system32\drivers\atv04nt5.dll"
Wed 4 Aug 2004 14,143 ..SHR --- "C:\WINDOWS\system32\drivers\atv06nt5.dll"
Wed 4 Aug 2004 17,279 ..SHR --- "C:\WINDOWS\system32\drivers\atv10nt5.dll"
Fri 17 Aug 2001 3,072 A.SHR --- "C:\WINDOWS\system32\drivers\audstub.sys"
Tue 3 Aug 2004 11,776 A.SHR --- "C:\WINDOWS\system32\drivers\bdasup.sys"
Thu 29 Aug 2002 4,224 A.SHR --- "C:\WINDOWS\system32\drivers\beep.sys"
Tue 3 Aug 2004 71,552 A.SHR --- "C:\WINDOWS\system32\drivers\bridge.sys"
Mon 24 Jul 2000 19,537 A.SHR --- "C:\WINDOWS\system32\drivers\BRPAR.SYS"
Wed 20 Feb 2002 6,430 A.SHR --- "C:\WINDOWS\system32\drivers\BT3CSer.sys"
Mon 14 Apr 2003 55,616 A.SHR --- "C:\WINDOWS\system32\drivers\Btcomm.sys"
Tue 3 Aug 2004 17,024 ..SHR --- "C:\WINDOWS\system32\drivers\bthenum.sys"
Tue 3 Aug 2004 38,016 ..SHR --- "C:\WINDOWS\system32\drivers\bthmodem.sys"
orcmeister
2007-10-26, 00:48
Tue 3 Aug 2004 100,992 ..SHR --- "C:\WINDOWS\system32\drivers\bthpan.sys"
Tue 3 Aug 2004 274,304 ..SHR --- "C:\WINDOWS\system32\drivers\bthport.sys"
Tue 3 Aug 2004 35,456 ..SHR --- "C:\WINDOWS\system32\drivers\bthprint.sys"
Tue 3 Aug 2004 18,944 ..SHR --- "C:\WINDOWS\system32\drivers\bthusb.sys"
Tue 18 Mar 2003 15,876 A.SHR --- "C:\WINDOWS\system32\drivers\BtKrnBdg.sys"
Wed 20 Feb 2002 32,131 A.SHR --- "C:\WINDOWS\system32\drivers\BtLegacy.sys"
Thu 29 Aug 2002 13,952 A.SHR --- "C:\WINDOWS\system32\drivers\cbidf2k.sys"
Tue 3 Aug 2004 17,024 A.SHR --- "C:\WINDOWS\system32\drivers\ccdecode.sys"
Thu 8 Jun 2000 41,520 A.SHR --- "C:\WINDOWS\system32\drivers\ccport.sys"
Tue 3 Aug 2004 63,744 A.SHR --- "C:\WINDOWS\system32\drivers\cdfs.sys"
Tue 3 Aug 2004 49,536 A.SHR --- "C:\WINDOWS\system32\drivers\cdrom.sys"
Wed 4 Aug 2004 15,423 ..SHR --- "C:\WINDOWS\system32\drivers\ch7xxnt5.dll"
Thu 29 Aug 2002 262,528 A.SHR --- "C:\WINDOWS\system32\drivers\cinemst2.sys"
Tue 3 Aug 2004 49,664 A.SHR --- "C:\WINDOWS\system32\drivers\classpnp.sys"
Thu 29 Aug 2002 11,776 A.SHR --- "C:\WINDOWS\system32\drivers\cpqdap01.sys"
Tue 3 Aug 2004 36,480 A.SHR --- "C:\WINDOWS\system32\drivers\crusoe.sys"
Wed 29 Oct 2003 24,523 ..SHR --- "C:\WINDOWS\system32\drivers\csrbc01.sys"
Wed 8 Oct 2003 177,456 A.SHR --- "C:\WINDOWS\system32\drivers\CTOSS9X.SYS"
Tue 3 Aug 2004 36,352 A.SHR --- "C:\WINDOWS\system32\drivers\disk.sys"
Tue 3 Aug 2004 14,208 A.SHR --- "C:\WINDOWS\system32\drivers\diskdump.sys"
Tue 3 Aug 2004 799,744 A.SHR --- "C:\WINDOWS\system32\drivers\dmboot.sys"
Thu 29 Aug 2002 5,888 A.SHR --- "C:\WINDOWS\system32\drivers\dmload.sys"
Tue 3 Aug 2004 52,864 A.SHR --- "C:\WINDOWS\system32\drivers\dmusic.sys"
Tue 3 Aug 2004 2,944 A.SHR --- "C:\WINDOWS\system32\drivers\drmkaud.sys"
Thu 29 Aug 2002 10,496 A.SHR --- "C:\WINDOWS\system32\drivers\dxapi.sys"
Tue 3 Aug 2004 71,040 A.SHR --- "C:\WINDOWS\system32\drivers\dxg.sys"
Thu 29 Aug 2002 3,328 A.SHR --- "C:\WINDOWS\system32\drivers\dxgthk.sys"
Fri 17 Aug 2001 6,400 A.SHR --- "C:\WINDOWS\system32\drivers\enum1394.sys"
Tue 3 Aug 2004 143,360 A.SHR --- "C:\WINDOWS\system32\drivers\fastfat.sys"
Tue 3 Aug 2004 27,392 A.SHR --- "C:\WINDOWS\system32\drivers\fdc.sys"
Thu 29 Aug 2002 34,944 A.SHR --- "C:\WINDOWS\system32\drivers\fips.sys"
Tue 3 Aug 2004 20,480 A.SHR --- "C:\WINDOWS\system32\drivers\flpydisk.sys"
Mon 21 Aug 2006 128,896 ..SHR --- "C:\WINDOWS\system32\drivers\fltmgr.sys"
Thu 29 Aug 2002 12,160 A.SHR --- "C:\WINDOWS\system32\drivers\fsvga.sys"
Thu 29 Aug 2002 7,936 A.SHR --- "C:\WINDOWS\system32\drivers\fs_rec.sys"
Thu 29 Aug 2002 125,056 A.SHR --- "C:\WINDOWS\system32\drivers\ftdisk.sys"
Tue 3 Aug 2004 46,464 ..SHR --- "C:\WINDOWS\system32\drivers\gagp30kx.sys"
Tue 3 Aug 2004 25,600 ..SHR --- "C:\WINDOWS\system32\drivers\hidbth.sys"
Tue 3 Aug 2004 36,224 A.SHR --- "C:\WINDOWS\system32\drivers\hidclass.sys"
Tue 3 Aug 2004 15,104 ..SHR --- "C:\WINDOWS\system32\drivers\hidir.sys"
Tue 3 Aug 2004 24,960 A.SHR --- "C:\WINDOWS\system32\drivers\hidparse.sys"
Fri 17 Aug 2001 9,600 A.SHR --- "C:\WINDOWS\system32\drivers\hidusb.sys"
Tue 3 Aug 2004 220,032 ..SHR --- "C:\WINDOWS\system32\drivers\hsfbs2s2.sys"
Tue 3 Aug 2004 685,056 ..SHR --- "C:\WINDOWS\system32\drivers\hsfcxts2.sys"
Tue 3 Aug 2004 1,041,536 ..SHR --- "C:\WINDOWS\system32\drivers\hsfdpsp2.sys"
Thu 16 Mar 2006 262,784 ..SHR --- "C:\WINDOWS\system32\drivers\http.sys"
Tue 3 Aug 2004 52,736 A.SHR --- "C:\WINDOWS\system32\drivers\i8042prt.sys"
Tue 2 Mar 2004 5,504 ..SHR --- "C:\WINDOWS\system32\drivers\imagedrv.sys"
Tue 2 Mar 2004 125,184 ..SHR --- "C:\WINDOWS\system32\drivers\imagesrv.sys"
Tue 3 Aug 2004 41,856 A.SHR --- "C:\WINDOWS\system32\drivers\imapi.sys"
Tue 3 Aug 2004 36,096 ..SHR --- "C:\WINDOWS\system32\drivers\intelppm.sys"
Tue 3 Aug 2004 29,056 ..SHR --- "C:\WINDOWS\system32\drivers\ip6fw.sys"
Thu 29 Aug 2002 32,896 A.SHR --- "C:\WINDOWS\system32\drivers\ipfltdrv.sys"
Tue 3 Aug 2004 20,992 A.SHR --- "C:\WINDOWS\system32\drivers\ipinip.sys"
Wed 29 Sep 2004 134,912 A.SHR --- "C:\WINDOWS\system32\drivers\ipnat.sys"
Tue 3 Aug 2004 74,752 A.SHR --- "C:\WINDOWS\system32\drivers\ipsec.sys"
Tue 3 Aug 2004 40,832 ..SHR --- "C:\WINDOWS\system32\drivers\irbus.sys"
Tue 3 Aug 2004 11,264 A.SHR --- "C:\WINDOWS\system32\drivers\irenum.sys"
Thu 29 Aug 2002 35,840 A.SHR --- "C:\WINDOWS\system32\drivers\isapnp.sys"
Tue 3 Aug 2004 24,576 A.SHR --- "C:\WINDOWS\system32\drivers\kbdclass.sys"
Wed 14 Jun 2006 172,416 A.SHR --- "C:\WINDOWS\system32\drivers\kmixer.sys"
Tue 3 Aug 2004 92,032 A.SHR --- "C:\WINDOWS\system32\drivers\ksecdd.sys"
Thu 29 Aug 2002 7,680 A.SHR --- "C:\WINDOWS\system32\drivers\mcd.sys"
Tue 3 Aug 2004 11,868 ..SHR --- "C:\WINDOWS\system32\drivers\mdmxsdk.sys"
Tue 3 Aug 2004 63,744 A.SHR --- "C:\WINDOWS\system32\drivers\mf.sys"
Thu 29 Aug 2002 4,224 A.SHR --- "C:\WINDOWS\system32\drivers\mnmdd.sys"
Tue 3 Aug 2004 30,080 A.SHR --- "C:\WINDOWS\system32\drivers\modem.sys"
Tue 3 Aug 2004 23,040 A.SHR --- "C:\WINDOWS\system32\drivers\mouclass.sys"
Fri 17 Aug 2001 12,160 A.SHR --- "C:\WINDOWS\system32\drivers\mouhid.sys"
Tue 3 Aug 2004 42,240 A.SHR --- "C:\WINDOWS\system32\drivers\mountmgr.sys"
Tue 3 Aug 2004 15,360 A.SHR --- "C:\WINDOWS\system32\drivers\mpe.sys"
Tue 3 Aug 2004 72,960 A.SHR --- "C:\WINDOWS\system32\drivers\mqac.sys"
Tue 3 Aug 2004 181,248 A.SHR --- "C:\WINDOWS\system32\drivers\mrxdav.sys"
Fri 5 May 2006 453,120 A.SHR --- "C:\WINDOWS\system32\drivers\mrxsmb.sys"
Tue 3 Aug 2004 51,328 A.SHR --- "C:\WINDOWS\system32\drivers\msdv.sys"
Tue 3 Aug 2004 19,072 A.SHR --- "C:\WINDOWS\system32\drivers\msfs.sys"
Tue 3 Aug 2004 35,072 A.SHR --- "C:\WINDOWS\system32\drivers\msgpc.sys"
Tue 3 Aug 2004 7,552 A.SHR --- "C:\WINDOWS\system32\drivers\mskssrv.sys"
Tue 3 Aug 2004 5,376 A.SHR --- "C:\WINDOWS\system32\drivers\mspclock.sys"
Tue 3 Aug 2004 4,992 A.SHR --- "C:\WINDOWS\system32\drivers\mspqm.sys"
Tue 3 Aug 2004 15,488 ..SHR --- "C:\WINDOWS\system32\drivers\mssmbios.sys"
Tue 3 Aug 2004 5,504 A.SHR --- "C:\WINDOWS\system32\drivers\mstee.sys"
Tue 3 Aug 2004 126,686 ..SHR --- "C:\WINDOWS\system32\drivers\mtlmnt5.sys"
Tue 3 Aug 2004 1,309,184 ..SHR --- "C:\WINDOWS\system32\drivers\mtlstrm.sys"
Tue 3 Aug 2004 452,736 ..SHR --- "C:\WINDOWS\system32\drivers\mtxparhm.sys"
Tue 3 Aug 2004 107,904 A.SHR --- "C:\WINDOWS\system32\drivers\mup.sys"
Tue 3 Aug 2004 12,672 ..SHR --- "C:\WINDOWS\system32\drivers\mutohpen.sys"
Tue 3 Aug 2004 85,376 A.SHR --- "C:\WINDOWS\system32\drivers\nabtsfec.sys"
Tue 3 Aug 2004 182,912 A.SHR --- "C:\WINDOWS\system32\drivers\ndis.sys"
Tue 3 Aug 2004 10,880 A.SHR --- "C:\WINDOWS\system32\drivers\ndisip.sys"
Thu 29 Aug 2002 9,600 A.SHR --- "C:\WINDOWS\system32\drivers\ndistapi.sys"
Tue 3 Aug 2004 91,776 A.SHR --- "C:\WINDOWS\system32\drivers\ndiswan.sys"
Thu 29 Aug 2002 38,016 A.SHR --- "C:\WINDOWS\system32\drivers\ndproxy.sys"
Tue 3 Aug 2004 34,560 A.SHR --- "C:\WINDOWS\system32\drivers\netbios.sys"
Tue 3 Aug 2004 162,816 A.SHR --- "C:\WINDOWS\system32\drivers\netbt.sys"
Tue 3 Aug 2004 61,824 A.SHR --- "C:\WINDOWS\system32\drivers\nic1394.sys"
Thu 29 Aug 2002 12,032 A.SHR --- "C:\WINDOWS\system32\drivers\nikedrv.sys"
Tue 3 Aug 2004 40,320 A.SHR --- "C:\WINDOWS\system32\drivers\nmnt.sys"
Tue 3 Aug 2004 30,848 A.SHR --- "C:\WINDOWS\system32\drivers\npfs.sys"
Fri 9 Feb 2007 574,464 A.SHR --- "C:\WINDOWS\system32\drivers\ntfs.sys"
Tue 3 Aug 2004 180,360 ..SHR --- "C:\WINDOWS\system32\drivers\ntmtlfax.sys"
Thu 29 Aug 2002 2,944 A.SHR --- "C:\WINDOWS\system32\drivers\null.sys"
Fri 1 Apr 2005 3,454,656 A.SHR --- "C:\WINDOWS\system32\drivers\nv4_mini.sys"
Thu 29 Aug 2002 12,416 A.SHR --- "C:\WINDOWS\system32\drivers\nwlnkflt.sys"
Thu 29 Aug 2002 32,512 A.SHR --- "C:\WINDOWS\system32\drivers\nwlnkfwd.sys"
Tue 3 Aug 2004 88,448 A.SHR --- "C:\WINDOWS\system32\drivers\nwlnkipx.sys"
Thu 29 Aug 2002 63,232 A.SHR --- "C:\WINDOWS\system32\drivers\nwlnknb.sys"
Thu 29 Aug 2002 55,936 A.SHR --- "C:\WINDOWS\system32\drivers\nwlnkspx.sys"
Fri 13 Oct 2006 163,584 A.SHR --- "C:\WINDOWS\system32\drivers\nwrdr.sys"
Tue 3 Aug 2004 61,056 A.SHR --- "C:\WINDOWS\system32\drivers\ohci1394.sys"
Mon 18 Sep 2000 160,073 A.SHR --- "C:\WINDOWS\system32\drivers\omcamvid.sys"
Thu 29 Aug 2002 3,456 A.SHR --- "C:\WINDOWS\system32\drivers\oprghdlr.sys"
Mon 18 Sep 2000 25,390 A.SHR --- "C:\WINDOWS\system32\drivers\ovtcamd.sys"
Tue 3 Aug 2004 42,496 A.SHR --- "C:\WINDOWS\system32\drivers\p3.sys"
Tue 3 Aug 2004 80,128 A.SHR --- "C:\WINDOWS\system32\drivers\parport.sys"
Thu 29 Aug 2002 18,688 A.SHR --- "C:\WINDOWS\system32\drivers\partmgr.sys"
Thu 29 Aug 2002 6,784 A.SHR --- "C:\WINDOWS\system32\drivers\parvdm.sys"
Tue 3 Aug 2004 68,224 A.SHR --- "C:\WINDOWS\system32\drivers\pci.sys"
Thu 29 Aug 2002 3,328 A.SHR --- "C:\WINDOWS\system32\drivers\pciide.sys"
Tue 3 Aug 2004 25,088 A.SHR --- "C:\WINDOWS\system32\drivers\pciidex.sys"
Tue 3 Aug 2004 119,936 A.SHR --- "C:\WINDOWS\system32\drivers\pcmcia.sys"
Tue 3 Aug 2004 35,328 A.SHR --- "C:\WINDOWS\system32\drivers\processr.sys"
Tue 3 Aug 2004 69,120 A.SHR --- "C:\WINDOWS\system32\drivers\psched.sys"
Thu 29 Aug 2002 17,792 A.SHR --- "C:\WINDOWS\system32\drivers\ptilink.sys"
Fri 11 Mar 2005 20,640 ..SHR --- "C:\WINDOWS\system32\drivers\pxhelp20.sys"
Thu 29 Aug 2002 8,832 A.SHR --- "C:\WINDOWS\system32\drivers\rasacd.sys"
Tue 3 Aug 2004 51,328 A.SHR --- "C:\WINDOWS\system32\drivers\rasl2tp.sys"
Tue 3 Aug 2004 41,472 A.SHR --- "C:\WINDOWS\system32\drivers\raspppoe.sys"
Tue 3 Aug 2004 48,384 A.SHR --- "C:\WINDOWS\system32\drivers\raspptp.sys"
Thu 29 Aug 2002 16,512 A.SHR --- "C:\WINDOWS\system32\drivers\raspti.sys"
Thu 29 Aug 2002 34,432 A.SHR --- "C:\WINDOWS\system32\drivers\rawwan.sys"
Fri 5 May 2006 174,592 A.SHR --- "C:\WINDOWS\system32\drivers\rdbss.sys"
Thu 29 Aug 2002 4,224 A.SHR --- "C:\WINDOWS\system32\drivers\rdpcdd.sys"
Tue 3 Aug 2004 196,864 A.SHR --- "C:\WINDOWS\system32\drivers\rdpdr.sys"
Thu 9 Jun 2005 139,528 A.SHR --- "C:\WINDOWS\system32\drivers\rdpwd.sys"
Tue 3 Aug 2004 13,776 ..SHR --- "C:\WINDOWS\system32\drivers\recagent.sys"
Tue 3 Aug 2004 57,472 A.SHR --- "C:\WINDOWS\system32\drivers\redbook.sys"
Tue 3 Aug 2004 59,648 ..SHR --- "C:\WINDOWS\system32\drivers\rfcomm.sys"
Thu 29 Aug 2002 12,032 A.SHR --- "C:\WINDOWS\system32\drivers\rio8drv.sys"
Thu 29 Aug 2002 12,032 A.SHR --- "C:\WINDOWS\system32\drivers\riodrv.sys"
Thu 13 Jul 2006 202,240 A.SHR --- "C:\WINDOWS\system32\drivers\rmcast.sys"
Thu 20 Oct 2005 30,592 A.SHR --- "C:\WINDOWS\system32\drivers\rndismp.sys"
Thu 20 Oct 2005 30,592 ..SHR --- "C:\WINDOWS\system32\drivers\rndismpx.sys"
Thu 29 Aug 2002 5,888 A.SHR --- "C:\WINDOWS\system32\drivers\rootmdm.sys"
Tue 3 Aug 2004 20,992 A.SHR --- "C:\WINDOWS\system32\drivers\rtl8139.sys"
Tue 3 Aug 2004 166,912 ..SHR --- "C:\WINDOWS\system32\drivers\s3gnbm.sys"
Tue 3 Aug 2004 96,256 A.SHR --- "C:\WINDOWS\system32\drivers\scsiport.sys"
Tue 3 Aug 2004 67,584 ..SHR --- "C:\WINDOWS\system32\drivers\sdbus.sys"
Sat 17 Jul 2004 27,440 A.SHR --- "C:\WINDOWS\system32\drivers\secdrv.sys"
Tue 3 Aug 2004 15,488 A.SHR --- "C:\WINDOWS\system32\drivers\serenum.sys"
Tue 3 Aug 2004 64,896 A.SHR --- "C:\WINDOWS\system32\drivers\serial.sys"
Tue 3 Aug 2004 11,136 ..SHR --- "C:\WINDOWS\system32\drivers\sffdisk.sys"
Tue 3 Aug 2004 10,240 ..SHR --- "C:\WINDOWS\system32\drivers\sffp_sd.sys"
Tue 3 Aug 2004 11,392 A.SHR --- "C:\WINDOWS\system32\drivers\sfloppy.sys"
Wed 4 Aug 2004 3,901 ..SHR --- "C:\WINDOWS\system32\drivers\siint5.dll"
Tue 3 Aug 2004 41,088 A.SHR --- "C:\WINDOWS\system32\drivers\sisagp.sys"
Tue 3 Aug 2004 32,768 A.SHR --- "C:\WINDOWS\system32\drivers\sisnic.sys"
Tue 3 Aug 2004 11,136 A.SHR --- "C:\WINDOWS\system32\drivers\slip.sys"
Tue 3 Aug 2004 129,535 ..SHR --- "C:\WINDOWS\system32\drivers\slnt7554.sys"
Tue 3 Aug 2004 404,990 ..SHR --- "C:\WINDOWS\system32\drivers\slntamr.sys"
Tue 3 Aug 2004 95,424 ..SHR --- "C:\WINDOWS\system32\drivers\slnthal.sys"
Tue 3 Aug 2004 13,240 ..SHR --- "C:\WINDOWS\system32\drivers\slwdmsup.sys"
Tue 3 Aug 2004 6,016 ..SHR --- "C:\WINDOWS\system32\drivers\smbali.sys"
Thu 29 Aug 2002 14,592 A.SHR --- "C:\WINDOWS\system32\drivers\smclib.sys"
Tue 3 Aug 2004 25,472 A.SHR --- "C:\WINDOWS\system32\drivers\sonydcam.sys"
Wed 14 Jun 2006 6,400 A.SHR --- "C:\WINDOWS\system32\drivers\splitter.sys"
Tue 3 Aug 2004 73,472 A.SHR --- "C:\WINDOWS\system32\drivers\sr.sys"
Mon 14 Aug 2006 332,928 A.SHR --- "C:\WINDOWS\system32\drivers\srv.sys"
Sat 18 Dec 2004 38,229 ..SHR --- "C:\WINDOWS\system32\drivers\StMp3Rec.sys"
Tue 3 Aug 2004 15,360 A.SHR --- "C:\WINDOWS\system32\drivers\streamip.sys"
Tue 3 Aug 2004 4,352 A.SHR --- "C:\WINDOWS\system32\drivers\swenum.sys"
Fri 17 Aug 2001 54,272 A.SHR --- "C:\WINDOWS\system32\drivers\swmidi.sys"
Tue 5 Apr 2005 11,512 A.SHR --- "C:\WINDOWS\system32\drivers\symdns.sys"
Thu 28 Jul 2005 123,712 A.SHR --- "C:\WINDOWS\system32\drivers\SYMEVENT.SYS"
Tue 5 Apr 2005 173,208 A.SHR --- "C:\WINDOWS\system32\drivers\symfw.sys"
Tue 5 Apr 2005 36,984 A.SHR --- "C:\WINDOWS\system32\drivers\symids.sys"
Thu 1 Jul 2004 170,208 A.SHR --- "C:\WINDOWS\system32\drivers\SymIDSCo.sys"
Tue 5 Apr 2005 47,192 A.SHR --- "C:\WINDOWS\system32\drivers\symndis.sys"
Tue 5 Apr 2005 17,976 A.SHR --- "C:\WINDOWS\system32\drivers\symredrv.sys"
Tue 5 Apr 2005 267,192 A.SHR --- "C:\WINDOWS\system32\drivers\symtdi.sys"
Tue 3 Aug 2004 14,976 A.SHR --- "C:\WINDOWS\system32\drivers\tape.sys"
Thu 20 Apr 2006 359,808 A.SHR --- "C:\WINDOWS\system32\drivers\tcpip.sys"
Wed 16 Aug 2006 225,664 A.SHR --- "C:\WINDOWS\system32\drivers\tcpip6.sys"
Tue 3 Aug 2004 18,560 A.SHR --- "C:\WINDOWS\system32\drivers\tdi.sys"
Wed 4 Aug 2004 12,040 A.SHR --- "C:\WINDOWS\system32\drivers\tdpipe.sys"
Wed 4 Aug 2004 21,896 A.SHR --- "C:\WINDOWS\system32\drivers\tdtcp.sys"
Wed 4 Aug 2004 40,840 A.SHR --- "C:\WINDOWS\system32\drivers\termdd.sys"
Thu 29 Aug 2002 51,712 A.SHR --- "C:\WINDOWS\system32\drivers\tosdvd.sys"
Thu 29 Aug 2002 21,376 A.SHR --- "C:\WINDOWS\system32\drivers\tsbvcap.sys"
Tue 3 Aug 2004 12,416 A.SHR --- "C:\WINDOWS\system32\drivers\tunmp.sys"
Tue 3 Aug 2004 44,672 ..SHR --- "C:\WINDOWS\system32\drivers\uagp35.sys"
Tue 3 Aug 2004 66,176 A.SHR --- "C:\WINDOWS\system32\drivers\udfs.sys"
Mon 23 Apr 2007 364,160 A.SHR --- "C:\WINDOWS\system32\drivers\update.sys"
Thu 20 Oct 2005 12,800 A.SHR --- "C:\WINDOWS\system32\drivers\usb8023.sys"
Thu 20 Oct 2005 12,800 ..SHR --- "C:\WINDOWS\system32\drivers\usb8023x.sys"
Thu 29 Aug 2002 23,808 A.SHR --- "C:\WINDOWS\system32\drivers\usbcamd.sys"
Thu 29 Aug 2002 23,936 A.SHR --- "C:\WINDOWS\system32\drivers\usbcamd2.sys"
Thu 29 Aug 2002 4,736 A.SHR --- "C:\WINDOWS\system32\drivers\usbd.sys"
Tue 3 Aug 2004 26,624 A.SHR --- "C:\WINDOWS\system32\drivers\usbehci.sys"
Tue 3 Aug 2004 57,600 A.SHR --- "C:\WINDOWS\system32\drivers\usbhub.sys"
Tue 3 Aug 2004 16,000 A.SHR --- "C:\WINDOWS\system32\drivers\usbintel.sys"
Tue 3 Aug 2004 17,024 A.SHR --- "C:\WINDOWS\system32\drivers\usbohci.sys"
Tue 3 Aug 2004 142,976 A.SHR --- "C:\WINDOWS\system32\drivers\usbport.sys"
Tue 3 Aug 2004 25,856 A.SHR --- "C:\WINDOWS\system32\drivers\usbprint.sys"
Tue 3 Aug 2004 25,600 ..SHR --- "C:\WINDOWS\system32\drivers\usbser.sys"
Tue 3 Aug 2004 26,496 A.SHR --- "C:\WINDOWS\system32\drivers\usbstor.sys"
Tue 3 Aug 2004 78,464 ..SHR --- "C:\WINDOWS\system32\drivers\usbvideo.sys"
Wed 5 Nov 2003 19,840 ..SHR --- "C:\WINDOWS\system32\drivers\vadmulti.sys"
Wed 4 Aug 2004 11,325 ..SHR --- "C:\WINDOWS\system32\drivers\vchnt5.dll"
Thu 29 Aug 2002 58,112 A.SHR --- "C:\WINDOWS\system32\drivers\vdmindvd.sys"
Tue 3 Aug 2004 20,992 A.SHR --- "C:\WINDOWS\system32\drivers\vga.sys"
Tue 3 Aug 2004 42,240 ..SHR --- "C:\WINDOWS\system32\drivers\viaagp.sys"
Tue 3 Aug 2004 79,744 A.SHR --- "C:\WINDOWS\system32\drivers\videoprt.sys"
Tue 3 Aug 2004 52,352 A.SHR --- "C:\WINDOWS\system32\drivers\volsnap.sys"
Tue 3 Aug 2004 13,568 ..SHR --- "C:\WINDOWS\system32\drivers\wacompen.sys"
Tue 3 Aug 2004 11,807 ..SHR --- "C:\WINDOWS\system32\drivers\wadv07nt.sys"
Tue 3 Aug 2004 11,295 ..SHR --- "C:\WINDOWS\system32\drivers\wadv08nt.sys"
Tue 3 Aug 2004 11,871 ..SHR --- "C:\WINDOWS\system32\drivers\wadv09nt.sys"
Tue 3 Aug 2004 11,935 ..SHR --- "C:\WINDOWS\system32\drivers\wadv11nt.sys"
Tue 3 Aug 2004 34,560 A.SHR --- "C:\WINDOWS\system32\drivers\wanarp.sys"
Tue 3 Aug 2004 22,271 ..SHR --- "C:\WINDOWS\system32\drivers\watv06nt.sys"
Tue 3 Aug 2004 25,471 ..SHR --- "C:\WINDOWS\system32\drivers\watv10nt.sys"
Tue 14 Jun 2005 104,576 A.SHR --- "C:\WINDOWS\system32\drivers\wceusbsh.sys"
Wed 14 Jun 2006 82,944 A.SHR --- "C:\WINDOWS\system32\drivers\wdmaud.sys"
Thu 29 Aug 2002 4,352 A.SHR --- "C:\WINDOWS\system32\drivers\wmilib.sys"
Wed 18 Oct 2006 38,528 A.SHR --- "C:\WINDOWS\system32\drivers\wpdusb.sys"
Thu 29 Aug 2002 12,032 A.SHR --- "C:\WINDOWS\system32\drivers\ws2ifsl.sys"
Tue 3 Aug 2004 19,328 A.SHR --- "C:\WINDOWS\system32\drivers\wstcodec.sys"
Mon 26 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sun 11 Jan 2004 1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sun 11 Jan 2004 274,904 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Sun 11 Jan 2004 158,410 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM.reg"
Fri 28 Jan 2005 73,728 A.SH. --- "C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe"
Tue 3 Aug 2004 10,624 A.SHR --- "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\gameenum.sys"
Finished!
orcmeister
2007-10-26, 00:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:24 PM, on 25/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\wauservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\nokia6600\connmngmntbox.exe
D:\nokia6600\ectaskscheduler.exe
D:\NOKIA6~2\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\NOKIA6~2\BROADC~1.EXE
D:\NOKIA6~2\SCRFS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: STOPzilla.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 11864 bytes
Hi again, we'll continue :)
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.
==================
Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.
wauservice.exe
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O9 - Extra button: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF9DFC05-9367-45E0-81C0-9C27077F0B79} - (no file) (HKCU)
Open HijackThis.
Open the Misc Tools section
Delete a file on Reboot
Copy the following line to the filename box and press Open: C:\WINDOWS\system32\wauservice.exe
Answer Yes
Reboot the computer if it isn't restarted automatically
Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt. Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable.
After the scan, in the menu, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot the computer in Normal Mode.
Post the CureIt report and a fresh HijackThis log.
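The procedure above ends with the helper re-checking a fresh HijackThis log for the entries that were supposed to be fixed. The following script is an added example, not HijackThis or the forum's own tooling: it parses log lines in the shape HijackThis prints (sample lines constructed inline from entries seen in this thread), flags the entry shapes the thread acts on, and reports which items of a fix list survived. The expected-host list is an assumption.

```python
"""Triage helper for HijackThis v2 logs.

Flags the entry shapes this thread acts on (R0/R1 URLs pointing at an
unexpected host, orphaned '(no file)' / '(file missing)' items, autostarts
that name a bare executable) and reports which items from a fix list are
still present in a fresh log, which is the re-check the helper asks for.
"""
import re
from urllib.parse import urlsplit

# Constructed sample in the shape HijackThis prints (a few lines, not a full log).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\wauservice.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed "fresh" log: the R1 hijack and O2 orphan are gone, the O4 autostart is not.
AFTER_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
"""

# Entries the helper asked to have fixed (a subset of the list in the post above).
FIX_LIST = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe",
]

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")  # R0-R3, F0-F3, O1-O24
RUN_RE = re.compile(r"^O4 - .*\\Run: \[[^\]]*\] (?P<cmd>.+)$")    # registry Run entries
URL_RE = re.compile(r"= (?P<url>https?://\S+)")
# Assumption: hosts treated as expected browser defaults; anything else in R0/R1 gets reviewed.
EXPECTED_HOSTS = ("microsoft.com", "yahoo.com")


def parse_entries(log_text):
    """Keep only section entries, with runs of whitespace collapsed so lines compare cleanly."""
    entries = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            entries.append(line)
    return entries


def flag_entry(line):
    """Return review reasons for one entry; an empty list means nothing noteworthy."""
    m = ENTRY_RE.match(line)
    if not m:
        return []
    reasons = []
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("orphaned entry: registered component has no file on disk")
    if m.group("sec") in ("R0", "R1"):
        u = URL_RE.search(line)
        if u:
            host = urlsplit(u.group("url")).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS):
                reasons.append(f"browser start/search setting points at unexpected host {host}")
    r = RUN_RE.match(line)
    if r:
        cmd = r.group("cmd").strip()
        # First token is the executable: either the quoted path or the text up to the first space.
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if "\\" not in exe and not exe.startswith("%"):
            reasons.append(f"autostart names bare executable {exe!r} (found by PATH search); verify which file really runs")
    return reasons


def triage(log_text):
    """Map each flagged entry of a log to its list of reasons."""
    result = {}
    for entry in parse_entries(log_text):
        reasons = flag_entry(entry)
        if reasons:
            result[entry] = reasons
    return result


def remaining_fixes(fix_list, fresh_log):
    """Entries from a fix list that still appear in a fresh log (case-insensitive)."""
    present = {e.casefold() for e in parse_entries(fresh_log)}
    return [e for e in parse_entries("\n".join(fix_list)) if e.casefold() in present]


if __name__ == "__main__":
    for entry, reasons in triage(BEFORE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
    print("still present after fix:", remaining_fixes(FIX_LIST, AFTER_LOG))
```

Flagged entries are review hints, not verdicts: legitimate autostarts such as CTHELPER.EXE are also written with a bare name and will be listed for a look.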
orcmeister
2007-10-27, 05:15
HoTMaiL[3].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\D4RB68Z3;Win32.HLLM.Graz;Deleted.;
HoTMaiL[9].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\D4RB68Z3;Win32.HLLM.Graz;Deleted.;
HoTMaiL[4].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\F33TL5FG;Win32.HLLM.Graz;Deleted.;
HoTMaiL[1].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\GT44B9FG;Win32.HLLM.Graz;Deleted.;
HoTMaiL[1].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\JH1448G4;Win32.HLLM.Graz;Deleted.;
MY0ACAZHRYFQCAMS4L1FCA3PI788CAWZMT5WCAW3LZS7CAN97U5ZCA9MLHKWCAQGPZOPCAWQKKFYCAW7MVFZCAPSP3VDCA6T5JTGCAH4A8DHCATJDTKQCA58OFB8CAK;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\L6JU83JW;Win32.HLLM.Graz;Deleted.;
HoTMaiL[3].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\OADJW49H;Win32.HLLM.Graz;Deleted.;
HoTMaiL[4].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\RS7E2A32;Win32.HLLM.Graz;Deleted.;
HoTMaiL[5].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\TKZHANM5;Win32.HLLM.Graz;Deleted.;
HoTMaiL[10].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\TROMKTE4;Win32.HLLM.Graz;Deleted.;
HoTMaiL[1].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\UHFPN3L7;Win32.HLLM.Graz;Deleted.;
HoTMaiL[11].htm;C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\Z8NE0SQW;Win32.HLLM.Graz;Deleted.;
mirc.exe;C:\Documents and Settings\Thomas\Start Menu\Programs;Program.mIRC.616;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;Incurable.Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0103106.reg;C:\System Volume Information\_restore{60D113A7-D7DF-4EE5-B1B6-729269819161}\RP750;Trojan.StartPage.1505;Deleted.;
A0103163.reg;C:\System Volume Information\_restore{60D113A7-D7DF-4EE5-B1B6-729269819161}\RP751;Trojan.StartPage.1505;Deleted.;
orcmeister
2007-10-27, 05:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:41 PM, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wauservice.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\nokia6600\connmngmntbox.exe
D:\nokia6600\ectaskscheduler.exe
D:\NOKIA6~2\Elogerr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\NOKIA6~2\BROADC~1.EXE
D:\NOKIA6~2\SCRFS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {6172E460-FAE3-11D2-B494-004005A47AAA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Audio Service] wauservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: STOPzilla.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 10942 bytes
Hi :)
Did you fix the HijackThis entries I listed in my last instruction? If not, please fix them and post a fresh HijackThis log. :bigthumb:
orcmeister
2007-10-27, 22:18
Sorry, I thought I cleaned the selections... but maybe I didn't. :sad:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:15 PM, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\nokia6600\connmngmntbox.exe
D:\nokia6600\ectaskscheduler.exe
D:\NOKIA6~2\Elogerr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\NOKIA6~2\BROADC~1.EXE
D:\NOKIA6~2\SCRFS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {6172E460-FAE3-11D2-B494-004005A47AAA} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: STOPzilla.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 10161 bytes
OK, looks pretty good :)
How is the computer running?
Fix this leftover with HijackThis:
O2 - BHO: (no name) - {6172E460-FAE3-11D2-B494-004005A47AAA} - (no file)
orcmeister
2007-10-28, 21:51
I fixed the last selection. It seems to be running fine; the main problem was with MSN Messenger, which kept running backdoor messages to my contact list to spread it around. I ran the Kaspersky scan again and it said there was still a virus, but the processes look clean. Is this a problem?
Hi :)
Can you remember the location of the virus?
orcmeister
2007-10-31, 01:09
Hi,
Yes, the location was drive C, so I did a scan of the drive and here is the report.
http://rapidshare.com/files/66373547/kasper.txt.html
Hi :)
OK, you have some infections in quarantine and in the temp folders...
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Post one more HijackThis log.
orcmeister
2007-11-01, 21:47
Hi, I ran ATF Cleaner and here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:33 PM, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
D:\nokia6600\connmngmntbox.exe
D:\nokia6600\ectaskscheduler.exe
C:\WINDOWS\System32\svchost.exe
D:\NOKIA6~2\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Messenger\msmsgs.exe
D:\NOKIA6~2\BROADC~1.EXE
D:\NOKIA6~2\SCRFS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: STOPzilla.lnk = C:\Program Files\STOPzilla!\STOPzilla.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by140fd.bay140.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 10078 bytes
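The log above is HijackThis 2.0.2 output, and the helper's reading of it is manual. As an added example (not part of the thread, and not HijackThis or any forum tool's code), here is a small Python parser for that line format that pulls out the points a reviewer checks first: entries marked "(file missing)", O23 services with "Unknown owner", O4 autostarts that launch a bare filename (resolved by the search path) or an unquoted path containing spaces, the same binary registered under several Run keys, and the hosts that O16 ActiveX controls were downloaded from. The sample is an excerpt of the log posted above; the flags and their names are this example's own heuristics, not HijackThis categories.

```python
"""Parse HijackThis (HJT) log entries and flag items worth a second look.

Added example, not code from the thread. The checks below are the editor's
own heuristics; HijackThis itself only lists entries and does not rate them.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Excerpt of the HijackThis 2.0.2 log posted in the thread above.
SAMPLE_LOG = r"""O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AntiSpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - <body>", "R0 - <body>", "F2 - <body>" ... ; everything else is header/footer.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 Run-key body: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# For an unquoted command line, the binary ends at the first executable
# extension followed by whitespace (or end of line), so spaces in the path survive.
UNQUOTED_BIN_RE = re.compile(r"^(?P<bin>.+?\.(?:exe|com|bat|cmd|scr|cpl))(?:\s|$)", re.I)
FILE_MISSING = "(file missing)"


def parse_hjt(text):
    """Return the R/F/O entries of a HijackThis log as (code, body) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def launched_binary(cmd):
    """Extract the executable from an O4 command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_BIN_RE.match(cmd)
    if m:
        return m.group("bin")
    return cmd.split(None, 1)[0] if cmd else cmd


def analyze(entries):
    """Apply the reviewer heuristics and return a report dict."""
    report = {
        "file_missing": [],           # orphaned entries pointing at deleted files
        "unknown_owner": [],          # O23 services without a publisher string
        "unqualified_autostarts": [], # O4 entries launching a bare filename
        "unquoted_space_paths": [],   # O4 entries with an unquoted path containing spaces
        "duplicate_autostarts": {},   # same binary registered under several Run keys
        "activex_hosts": [],          # hosts that served O16 ActiveX downloads
    }
    autostart_count = Counter()
    hosts = set()
    for code, body in entries:
        if body.endswith(FILE_MISSING):
            report["file_missing"].append(f"{code} - {body}")
        if code == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder shortcuts are listed differently; skip here
            binary = launched_binary(m.group("cmd"))
            autostart_count[binary.lower()] += 1
            if "\\" not in binary:
                report["unqualified_autostarts"].append(m.group("name"))
            elif " " in binary and not m.group("cmd").lstrip().startswith('"'):
                report["unquoted_space_paths"].append(m.group("name"))
        elif code == "O16":
            url = body.rsplit(" - ", 1)[-1]
            hosts.add(urlsplit(url).hostname or url)
        elif code == "O23":
            parts = body[len("Service: "):].split(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                report["unknown_owner"].append(parts[0])
    report["duplicate_autostarts"] = {p: n for p, n in autostart_count.items() if n > 1}
    report["activex_hosts"] = sorted(hosts)
    return report


def main():
    report = analyze(parse_hjt(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}:")
        for item in (value.items() if isinstance(value, dict) else value):
            print(f"  {item}")


if __name__ == "__main__":
    main()
```

Run it against a full saved log by replacing SAMPLE_LOG with the file contents. The flags are prompts, not verdicts: a bare `RUNDLL32.EXE` is normal for a driver's control-panel loader, and a duplicate Run entry is often just a sloppy installer, but both are exactly the places where a hijacked autostart hides, so a reviewer checks them first.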
Hi again, it is looking clean now :)
You can remove the tools we used.
Then you should update your Java to the latest version (6u3).
Start > Control Panel > Add/Remove Programs
Delete the old Java:
J2SE Runtime Environment 5.0 Update 2
Download the latest version of Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it
Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply, then OK, and close My Computer.
=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.
Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)
Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
This topic has been moved to archives.
If you need the thread re-opened, please send me a private message (pm) and provide a link.
Applies only to the original poster, anyone else with similar problems please start your own topic.
Thank you Mr_JAk3.