welshdragonsod
Re: Probs with malware, any help appreciated!
Sat Apr 26 2008 11:39 PM
Thanks for your time on this mate, if memory serves, you helped me with a previous problem quite a while back, most appreciated. Anyway here's the logs:
ComboFix 08-04-24.1 - Compaq_Owner 2008-04-26 22:14:38.2 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-25 22:25 . 2008-04-25 22:25 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-23 13:03 . 2008-04-23 13:03 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-23 13:03 . 2008-04-23 13:03 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-04-23 13:03 . 2008-04-23 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-23 12:00 . 2008-04-24 13:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-23 12:00 . 2008-04-24 13:45 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-04-23 12:00 . 2008-04-23 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-23 09:52 . 2008-04-23 11:05 <DIR> d-------- C:\fixwareout
2008-04-22 18:54 . 2008-04-22 18:54 <DIR> d-------- C:\Program Files\Share World
2008-04-13 12:11 . 2008-04-13 12:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ImgBurn
2008-04-13 12:10 . 2008-04-13 12:10 <DIR> d-------- C:\Program Files\ImgBurn
2008-04-06 20:31 . 2008-04-06 20:33 197,581 --a------ C:\_crash.dmp
2008-04-02 17:05 . 2008-04-02 17:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\IDMComp
2008-04-02 17:04 . 2008-04-02 17:04 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2008-03-26 21:10 . 2008-03-26 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 21:09 . 2008-04-24 13:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 13:12 39,936 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-04-25 22:40 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-04-25 21:42 54,784 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-04-25 21:42 3,659,776 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-04-25 21:26 --------- d-----w C:\Program Files\NewsRover
2008-04-25 08:30 45,568 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-04-25 08:30 3,654,656 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-04-24 21:16 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2008-04-24 21:16 3,654,144 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-04-24 15:43 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-04-24 15:43 3,653,632 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-04-24 12:40 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-04-24 12:40 3,646,976 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-04-23 21:36 40,960 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-04-23 15:07 104,448 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-04-23 11:33 3,611,136 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-04-23 11:33 107,008 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-04-23 10:14 --------- d-----w C:\Program Files\Java
2008-04-23 08:54 62,464 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-04-23 08:54 3,610,624 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-04-23 08:44 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-22 22:08 60,928 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-04-22 13:10 3,593,216 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-04-21 21:02 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-04-21 21:02 3,590,144 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-04-21 08:37 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-04-21 08:37 3,589,632 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-04-20 20:45 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2008-04-20 20:45 3,589,120 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-04-20 10:30 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2008-04-20 10:30 3,588,608 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2008-04-19 22:04 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2008-04-19 22:04 3,588,096 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2008-04-19 15:37 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2008-04-19 15:37 3,587,584 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2008-04-18 12:17 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-04-18 12:17 3,587,072 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-04-17 16:13 39,424 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-04-17 16:12 3,586,560 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-04-17 15:48 64,512 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-04-17 15:48 3,586,048 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-04-17 12:13 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-04-17 06:42 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-04-17 06:42 3,584,000 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-04-16 20:35 48,640 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-04-16 20:35 3,583,488 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-04-15 21:53 39,936 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-04-15 21:53 3,582,976 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-04-15 20:37 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-04-15 19:08 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-04-15 14:23 51,712 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-04-15 14:23 3,570,176 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-04-15 01:13 45,056 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-04-15 01:13 3,569,664 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-04-14 15:15 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-04-14 12:34 40,960 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-04-14 07:57 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-04-14 07:57 3,568,128 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-04-13 19:56 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-04-13 19:56 3,567,616 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-04-13 13:11 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-04-13 13:11 3,567,104 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-04-13 12:02 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-04-13 12:02 3,566,592 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-04-13 11:12 58,368 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-13 11:12 3,567,616 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-04-12 23:28 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-12 23:28 3,560,960 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-11 22:05 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-11 12:12 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-11 12:12 3,559,936 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-11 08:33 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-04-11 08:33 3,559,424 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-04-10 20:50 53,248 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-04-10 20:50 3,558,400 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-04-10 09:45 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-04-10 09:45 3,554,816 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-04-10 09:35 52,224 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-04-10 09:35 3,554,304 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-04-09 21:09 45,056 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-04-09 21:09 3,553,792 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-04-09 19:30 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-04-09 19:30 3,553,280 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-04-09 09:25 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-04-09 07:23 48,128 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-04-09 07:23 3,552,256 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-04-08 20:54 55,296 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-04-08 20:54 3,533,824 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-04-08 10:38 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-04-08 10:38 3,533,312 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-04-07 23:13 49,664 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-04-07 23:12 3,532,800 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-04-07 12:56 40,960 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-04-07 08:10 43,008 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-04-07 08:10 3,531,776 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-04-07 07:12 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-04-07 07:12 3,531,264 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-04-06 19:41 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-04-06 19:41 3,530,752 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-04-06 19:33 71,658 ----a-w C:\report.zip
.
((((((((((((((((((((((((((((( snapshot@2008-04-23_14.15.05.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 13:07:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 21:01:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 16:00 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 05:05 344064]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"PCDrProfiler"="" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 01:50 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 07:11 49152]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-02 01:44 98304]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"RegistryMechanic"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-11 10:17 949376]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 StreamSurge;StreamSurge Driver;C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-17 15:47:52 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-22 15:24:29 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 22:18:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [512] 0x843019B8

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 100

**************************************************************************
.
Completion time: 2008-04-26 22:20:44
ComboFix-quarantined-files.txt 2008-04-26 21:20:32
ComboFix2.txt 2008-04-23 13:16:20

Pre-Run: 36,336,226,304 bytes free
Post-Run: 36,384,256,000 bytes free

199 --- E O F --- 2008-04-09 07:18:07

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38, on 2008-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 8459 bytes