Unsolved
This post is more than 5 years old
4 Posts
0
1836
Pop Ups and misc audio comercials playing
I ran hijackthis along with a few other malware program to get rid of random pop ups and random audios that
play on my computer all day long. The are always the same 2 or 3 audios and pop ups. The following find the log
from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:47 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\u2bk7mM4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.13&build=Symantec&a=00000082.00000003.00000008&b=00000082.00000006.0000000c&c=00000082.00000007.0000000f&d=00000082.00000045.00000119&e=00000082.00000045.0000011b&f=00000083.00000028.000000D8&g=00000083.0000002C.000000E2.DMTemp
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11026 bytes
bamajim
10.4K Posts
0
December 30th, 2008 07:00
1. Go HERE and download File Lister.
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is fnished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.
allanparker1
4 Posts
0
December 31st, 2008 10:00
Per your request here is File.txt
+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.4
+
+ By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++
Report ran on --->>> 12/31/2008 8:50:01 AM
====== Values under HKLM\~\Run ======
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"Carbonite Backup"="C:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
====== Values under HKCU\~\Run ======
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======
12/31/2008 8:50:01 AM 1059 32 C:\Files.txt
12/28/2008 2:42:50 PM 1072766976 38 C:\hiberfil.sys
12/11/2008 3:03:39 AM 4114976 C:\WINDOWS\$NtUninstallKB952069_WM9$
12/11/2008 3:03:39 AM 625184 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
12/11/2008 3:03:21 AM 871202 C:\WINDOWS\$NtUninstallKB954600$
12/11/2008 3:03:21 AM 624388 C:\WINDOWS\$NtUninstallKB954600$\spuninst
12/11/2008 3:11:30 AM 685582 C:\WINDOWS\$NtUninstallKB955839$
12/11/2008 3:11:30 AM 625166 C:\WINDOWS\$NtUninstallKB955839$\spuninst
12/11/2008 3:02:56 AM 909437 C:\WINDOWS\$NtUninstallKB956802$
12/11/2008 3:02:56 AM 624253 C:\WINDOWS\$NtUninstallKB956802$\spuninst
12/11/2008 4:27:55 PM 662204 C:\WINDOWS\$NtUninstallWdf01005$
12/11/2008 4:27:55 PM 662204 C:\WINDOWS\$NtUninstallWdf01005$\spuninst
12/11/2008 3:03:30 AM 11625 32 C:\WINDOWS\KB952069.log
12/11/2008 3:03:16 AM 7819 32 C:\WINDOWS\KB954600.log
12/10/2008 5:45:15 AM 34754 32 C:\WINDOWS\KB955839.log
12/10/2008 5:41:53 AM 13841 32 C:\WINDOWS\KB956802.log
12/11/2008 3:09:26 AM 26987 32 C:\WINDOWS\KB958215-IE7.log
12/18/2008 3:00:55 AM 121342 32 C:\WINDOWS\KB960714-IE7.log
12/11/2008 4:26:50 PM 9572 32 C:\WINDOWS\Wdf01005Inst.log
12/22/2008 1:29:13 PM 77824 32 C:\WINDOWS\SYSTEM32\u2bk7mM4.exe
12/22/2008 1:29:13 PM 0 32 C:\WINDOWS\SYSTEM32\u2bk7mM4.exe.a_a
====== Files under "\Administrator\Startup" Last 30 Days======
====== Files under "\All Users\Startup" Last 30 Days======
====== Folders under "\Program Files" Last 30 Days======
12/22/2008 3:58:34 PM 40857012 C:\Program Files\NoAdware
12/22/2008 3:58:34 PM 17456 C:\Program Files\NoAdware\logs
12/23/2008 2:59:35 PM 1363 C:\Program Files\NoAdware\logs\ScanLogs
12/22/2008 6:17:31 PM 518031 C:\Program Files\NoAdware\NoAdwareBackup
12/27/2008 7:24:11 AM 33752 C:\Program Files\NOS
12/27/2008 7:24:11 AM 33752 C:\Program Files\NOS\bin
12/24/2008 11:53:02 AM 1911015 C:\Program Files\Security Solutions Antispyware
12/24/2008 11:54:12 AM 9688 C:\Program Files\Security Solutions Antispyware\backups
12/27/2008 2:16:02 PM 407316 C:\Program Files\Trend Micro
12/27/2008 2:16:02 PM 407316 C:\Program Files\Trend Micro\HijackThis
====== Files under "\System32\Drivers" Last 30 Days======
12/11/2008 4:26:43 PM 21504 32 C:\WINDOWS\SYSTEM32\DRIVERS\hidserv.dll
12/11/2008 4:28:06 PM 0 34 C:\WINDOWS\SYSTEM32\DRIVERS\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
12/11/2008 4:28:11 PM 0 34 C:\WINDOWS\SYSTEM32\DRIVERS\Msft_Kernel_NuidFltr_01005.Wdf
====== Files under "\User\Local Settings\Temp" Last 30 Days======
12/31/2008 8:37:46 AM 0 34 C:\Documents and Settings\Allan Parker\Local Settings\Temp\etilqs_2QPCwjMixkLLCk5Cl8gT
12/31/2008 8:47:44 AM 14658 33 C:\Documents and Settings\Allan Parker\Local Settings\Temp\FileLister.zip
12/30/2008 8:19:57 AM 16384 32 C:\Documents and Settings\Allan Parker\Local Settings\Temp\~DF47A4.tmp
====== Files and Folders under "All Users\Application Data" Last 30 Days======
12/27/2008 7:24:11 AM 299 C:\Documents and Settings\All Users\Application Data\NOS
12/27/2008 11:54:48 AM 15360 C:\Documents and Settings\All Users\Application Data\SITEguard
12/27/2008 11:50:15 AM 580162 C:\Documents and Settings\All Users\Application Data\STOPzilla!
12/27/2008 11:50:15 AM 0 C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine
====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======
====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======
====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
RoboForm
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
scriptproxy
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
====== Services ( Services that are Whitelisted are not shown) ======
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" - Disabled
CarboniteService (CarboniteService) "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" - Auto
DSBrokerService (DSBrokerService) "C:\Program Files\DellSupport\brkrsvc.exe" - Disabled
getPlus(R) Helper (getPlus(R) Helper) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe - Manual
McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" - Auto
Intel(R) NMS (NMSSvc) C:\WINDOWS\System32\NMSSvc.exe - Manual
NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe - Auto
====== Running Processes ======
System Idle Process [0]
System [4]
smss.exe [552] \SystemRoot\System32\smss.exe
csrss.exe [604]
winlogon.exe [628] winlogon.exe
services.exe [672] C:\WINDOWS\system32\services.exe
lsass.exe [684] C:\WINDOWS\system32\lsass.exe
svchost.exe [836] C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe [944]
svchost.exe [1048] C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe [1112]
svchost.exe [1284]
spoolsv.exe [1516] C:\WINDOWS\system32\spoolsv.exe
explorer.exe [1564] C:\WINDOWS\Explorer.EXE
CarboniteService.exe [184] "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe"
McSACore.exe [220] "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
mcmscsvc.exe [356] C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc.exe [508] "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy.exe [872] c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Mcshield.exe [1076] C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MpfSrv.exe [1224] "C:\Program Files\McAfee\MPF\MPFSrv.exe"
mcagent.exe [1320] c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
nvsvc32.exe [1452] C:\WINDOWS\system32\nvsvc32.exe
HPZipm12.exe [1640] C:\WINDOWS\system32\HPZipm12.exe
svchost.exe [1712] C:\WINDOWS\System32\svchost.exe -k imgsvc
alg.exe [2780]
mcsysmon.exe [2976] C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
CarboniteUI.exe [3620] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
robotaskbaricon.exe [3700] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ctfmon.exe [3708] "C:\WINDOWS\system32\ctfmon.exe"
spambutcher.exe [3804] "C:\Program Files\SpamButcher\spambutcher.exe"
msmsgs.exe [1336] "C:\Program Files\Messenger\msmsgs.exe" -Embedding
dllhost.exe [1756] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
msdtc.exe [2260]
AcroRd32.exe [10144] "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe" /o /eo /l /b
msimn.exe [6932] "C:\Program Files\Outlook Express\msimn.exe"
wmplayer.exe [11848] "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "C:\Documents and Settings\Allan Parker\Local Settings\Temporary Internet Files\Content.IE5\S31PK9IR\Champions.wmv"
u2bk7mM4.exe [8356] "C:\WINDOWS\system32\u2bk7mM4.exe"
firefox.exe [11232] "C:\Program Files\Mozilla Firefox\firefox.exe"
vssvc.exe [5392] C:\WINDOWS\System32\vssvc.exe
dllhost.exe [9576] C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
WINZIP32.EXE [988] "C:\PROGRA~1\WINZIP\winzip32.exe" "C:\DOCUME~1\ALLANP~1\LOCALS~1\Temp\FileLister.zip"
iexplore.exe [12276]
wscript.exe [6148] "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Allan Parker\Desktop\FileLister.vbe"
wmiprvse.exe [9820]
wmiprvse.exe [6048]
====== Uninstall List From Registry ======
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
AI RoboForm (All Users)
Atomic Clock Sync
Canon Camera Access Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Carbonite
MetaFrame Presentation Server Web Client for Win32
Conexant SmartHSFi V92 56K DF PCI Modem
Conexant D850 56K V.9x DFVc Modem
Canon Camera Support Core Library
Canon Utilities EOS Utility
HijackThis 2.0.2
Microsoft Office Home and Student 2007
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Image Zone 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 5 Web Accessories
Windows Internet Explorer 7
Maxtor OneTouch
Microsoft Data Access Components KB870669
Windows Media Format SDK Hotfix - KB891122
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows Internet Explorer 7 (KB960714)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework (English) v1.0.3705
Canon MovieEdit Task for ZoomBrowser EX
Mozilla Firefox (3.0.5)
McAfee SecurityCenter
Microsoft Compression Client Pack 1.0 for Windows XP
USB Storage Adapter FX (MXO)
Microsoft National Language Support Downlevel APIs
NVIDIA Display Driver
NVIDIA Drivers
Canon Utilities PhotoStitch
Intel(R) PRO Ethernet Adapter and Software
LiveUpdate (Symantec Corporation)
Canon RAW Image Task for ZoomBrowser EX
RealPlayer
Registry Mechanic 7.0
Canon RemoteCapture Task for ZoomBrowser EX
Security Solutions Antispyware 3.0.0
Adobe Flash Player 9 ActiveX
SpamButcher 2.1
TaxACT 2003
TaxACT 2004
TaxACT 2005
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT Virginia 2003
TaxACT Virginia 2004
TaxACT Virginia 2005
TaxACT Virginia 2006
TaxACT Virginia 2007
ThumbsPlus 7.0 SP1 Build 2234
ThumbsPlus Digicam Raw Plug-in
ThumbsPlus version 7 SP2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Live Safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft Works 2003 Setup Launcher
Microsoft User-Mode Driver Framework Feature Pack 1.0
Canon Utilities ZoomBrowser EX
Intel(R) PROSet II
PhotoGallery
CP_Package_Variety1
Destinations
Qualxserve Service Agreement
Dell Solution Center
Windows Installer Clean Up
3100_3200_3300trb
Dell Picture Studio - Dell Image Expert
DocumentViewer
CP_Package_Variety3
Sonic_PrimoSDK
Rhapsody Player Engine
Maxtor OneTouch
CP_Panorama1Config
Unload
TrayApp
J2SE Runtime Environment 5.0 Update 6
InstantShareDevices
WebFldrs XP
Microsoft Picture It! Photo 7.0
CP_CalendarTemplates1
MSXML 4.0 SP2 (KB927978)
HP PSC & OfficeJet 5.3.A
Microsoft Windows Journal Viewer
Dell Support
MUSICMATCH® Jukebox
3300
ProductContextNPI
FullDPAppQFolder
NewCopy_CDA
RandMap
WebReg
Aura
CP_Package_Basic1
MarketResearch
DeviceFunctionQFolder
Windows Genuine Advantage v1.3.0254.0
SkinsHP1
eSupportQFolder
Symantec Network Driver Update
DocProc
CustomerResearchQFolder
MSXML 4.0 SP2 Parser and SDK
Microsoft Visual C++ 2005 Redistributable
ParetoLogic Privacy Controls
Microsoft Works 7.0
Windows Backup Utility
DocumentViewerQFolder
CP_AtenaShokunin1Config
Microsoft Works Suite Add-in for Microsoft Word
DellSupport
MSXML 4.0 SP2 (KB954430)
HP Update
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Excel MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office PowerPoint MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Word MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (French) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (Spanish) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Compatibility Pack for the 2007 Office system
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Help and Support Customization
Microsoft Office Home and Student 2007
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Visio 2007 (KB947590)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB956828)
Update for Office 2007 (KB946691)
Security Update for 2007 Microsoft Office System (KB951550)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Readme
ScannerCopy
CueTour
Windows Defender Signatures
MSXML 4.0 SP2 (KB925672)
DeviceManagementQFolder
Adobe Reader 8.1.3
AiO_Scan_CDA
Spybot - Search & Destroy
Microsoft .NET Framework (English)
PanoStandAlone
Microsoft .NET Framework 2.0 Service Pack 1
Fax_CDA
AiOSoftwareNPI
CP_Package_Variety2
BufferChm
MSXML 4.0 SP2 (KB936181)
Scan
Dr Watson for Microsoft Windows OneCare Live v1.0.0971.12
Microsoft .NET Framework 1.1
GearDrvs
Works Suite OS Pack
Dell ResourceCD
HPProductAssistant
SolutionCenter
Microsoft IntelliPoint 5.4
3100_3200_3300_Help
Status
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
======== Other Info ========
TOTAL PHYSICAL RAM: 1073 MB
bamajim
10.4K Posts
0
December 31st, 2008 11:00
1. Please download The Avenger by Swandog46 to your Desktop.
2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\WINDOWS\SYSTEM32\u2bk7mM4.exe
C:\WINDOWS\SYSTEM32\u2bk7mM4.exe.a_a
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
4. The Avenger will automatically do the following:
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log
allanparker1
4 Posts
0
January 1st, 2009 05:00
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\SYSTEM32\u2bk7mM4.exe" deleted successfully.
File "C:\WINDOWS\SYSTEM32\u2bk7mM4.exe.a_a" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Fresh HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:16 AM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.13&build=Symantec&a=00000082.00000003.00000008&b=00000082.00000006.0000000c&c=00000082.00000007.0000000f&d=00000082.00000045.00000119&e=00000082.00000045.0000011b&f=00000083.00000028.000000D8&g=00000083.0000002C.000000E2.DMTemp
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10964 bytes
allanparker1
4 Posts
0
January 2nd, 2009 11:00
That did it, I haven't seen a stray pop up or obnoxious audio in a couple of days. Thank You very much. You folks are
terrific and God bless.
Al Parker
bamajim
10.4K Posts
0
January 5th, 2009 07:00
That's good news
You may now remove/delete/uninstall the tools we used to clean your PC
Now that your log is clean
There are some final notes:
the instructions are here
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Java Runtime Environment (JRE) 6.u11.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the " Download" button to the right.
Check the box that says: " Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.
Update your Anti Virus Software
Use and maintain a Firewall
Visit Microsoft's Windows Update Site Frequently for critical updates
Backup your Important Documents and Files on a regular basis
You may want to read this article" So how did I get infected in the first place" by Tony Klein
surf safe