December 29th, 2008 12:00

Pop-ups and misc. audio commercials playing

I ran HijackThis along with a few other malware programs to get rid of random pop-ups and random audio that plays on my computer all day long. They are always the same 2 or 3 audio clips and pop-ups. Following is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:47 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\u2bk7mM4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.13&build=Symantec&a=00000082.00000003.00000008&b=00000082.00000006.0000000c&c=00000082.00000007.0000000f&d=00000082.00000045.00000119&e=00000082.00000045.0000011b&f=00000083.00000028.000000D8&g=00000083.0000002C.000000E2.DMTemp
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11026 bytes
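As an added illustration, not part of this thread or of HijackThis itself, here is a small Python triage script for the HJT log format above. It collects the running-process list, gathers every executable that an O4 autostart or O23 service entry accounts for, and flags anything running from the Windows directory that nothing in the log explains, which is exactly how C:\WINDOWS\system32\u2bk7mM4.exe stands out. The core-process baseline is my assumption for an XP-era machine, and the embedded log is a constructed excerpt of the one posted above.

```python
"""Triage a HijackThis 2.x log (constructed example, not a thread tool).

Flags running processes under the Windows directory that nothing else in
the log accounts for: no O4 autostart entry, no O23 service entry, and
not one of the core XP processes that start without such an entry."""
import re
from typing import Dict, List

# Constructed excerpt of the HJT log posted above; paths as the log printed them.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:47 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\u2bk7mM4.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Assumed baseline: XP-era processes that legitimately run with no O4/O23 entry.
CORE_WINDOWS = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "dllhost.exe", "vssvc.exe",
    "alg.exe", "msdtc.exe", "wmiprvse.exe", "notepad.exe", "wscript.exe",
}

# Any token ending in .exe inside an O-entry (paths, [bracketed] names, RUNDLL32.EXE).
EXE_RE = re.compile(r"[A-Za-z0-9_~.\-]+\.exe\b", re.IGNORECASE)


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Split a HJT log into its 'Running processes:' list and its O-prefixed entries."""
    processes, entries = [], []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line closes the process section
                in_procs = False
            else:
                processes.append(line)
            continue
        if re.match(r"O\d+ - ", line):
            entries.append(line)
    return {"processes": processes, "entries": entries}


def basename(path: str) -> str:
    """Last component of a Windows path, case preserved."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(name: str) -> bool:
    """Crude heuristic: the stem mixes digits with upper- and lower-case letters
    (the shape of u2bk7mM4.exe in the log above). A signal, not a verdict."""
    stem = name.rsplit(".", 1)[0]
    return (len(stem) >= 6 and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))


def triage(log: str) -> List[dict]:
    """Return running processes in the Windows directory that no entry accounts for."""
    parsed = parse_hjt(log)
    accounted = {m.lower() for e in parsed["entries"] for m in EXE_RE.findall(e)}
    findings = []
    for path in parsed["processes"]:
        name = basename(path)
        if "\\windows\\" not in path.lower():
            continue                # third-party install dirs are out of scope here
        if name.lower() in CORE_WINDOWS or name.lower() in accounted:
            continue
        reasons = ["runs from the Windows directory", "no O4/O23 entry references it"]
        if looks_random(name):
            reasons.append("random-looking file name")
        findings.append({"path": path, "name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["path"], "->", "; ".join(f["reasons"]))
```

Anything it flags still needs the companion evidence the thread relies on (creation date from a file lister, the stray .a_a sibling) before it is deleted.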

December 30th, 2008 07:00



allanparker1

1. Go HERE and download File Lister.
  • Save it to your Desktop.
  • Right-click ->> Extract all ->> and extract it to your Desktop.
  • Additional help on extracting zip files can be found HERE.
  • Open the File Lister folder.
  • Right-click FileLister.vbe ->> select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt.

Copy and paste the contents of that log in your reply.

December 31st, 2008 10:00

Per your request, here is Files.txt:

+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.4
+
+  By bamajim / bamajim.com
+
+++++++++++++++++++++++++++++++++


Report ran on --->>>  12/31/2008 8:50:01 AM

====== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"Carbonite Backup"="C:\\Program Files\\Carbonite\\Carbonite Backup\\CarboniteUI.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


====== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"


====== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

12/31/2008 8:50:01 AM    1059    32    C:\Files.txt
12/28/2008 2:42:50 PM    1072766976    38    C:\hiberfil.sys
12/11/2008 3:03:39 AM    4114976    C:\WINDOWS\$NtUninstallKB952069_WM9$
12/11/2008 3:03:39 AM    625184    C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst
12/11/2008 3:03:21 AM    871202    C:\WINDOWS\$NtUninstallKB954600$
12/11/2008 3:03:21 AM    624388    C:\WINDOWS\$NtUninstallKB954600$\spuninst
12/11/2008 3:11:30 AM    685582    C:\WINDOWS\$NtUninstallKB955839$
12/11/2008 3:11:30 AM    625166    C:\WINDOWS\$NtUninstallKB955839$\spuninst
12/11/2008 3:02:56 AM    909437    C:\WINDOWS\$NtUninstallKB956802$
12/11/2008 3:02:56 AM    624253    C:\WINDOWS\$NtUninstallKB956802$\spuninst
12/11/2008 4:27:55 PM    662204    C:\WINDOWS\$NtUninstallWdf01005$
12/11/2008 4:27:55 PM    662204    C:\WINDOWS\$NtUninstallWdf01005$\spuninst
12/11/2008 3:03:30 AM    11625    32    C:\WINDOWS\KB952069.log
12/11/2008 3:03:16 AM    7819    32    C:\WINDOWS\KB954600.log
12/10/2008 5:45:15 AM    34754    32    C:\WINDOWS\KB955839.log
12/10/2008 5:41:53 AM    13841    32    C:\WINDOWS\KB956802.log
12/11/2008 3:09:26 AM    26987    32    C:\WINDOWS\KB958215-IE7.log
12/18/2008 3:00:55 AM    121342    32    C:\WINDOWS\KB960714-IE7.log
12/11/2008 4:26:50 PM    9572    32    C:\WINDOWS\Wdf01005Inst.log
12/22/2008 1:29:13 PM    77824    32    C:\WINDOWS\SYSTEM32\u2bk7mM4.exe
12/22/2008 1:29:13 PM    0    32    C:\WINDOWS\SYSTEM32\u2bk7mM4.exe.a_a

====== Files under "\Administrator\Startup" Last 30 Days======


====== Files under "\All Users\Startup" Last 30 Days======


====== Folders under "\Program Files" Last 30 Days======

12/22/2008 3:58:34 PM    40857012    C:\Program Files\NoAdware
12/22/2008 3:58:34 PM    17456    C:\Program Files\NoAdware\logs
12/23/2008 2:59:35 PM    1363    C:\Program Files\NoAdware\logs\ScanLogs
12/22/2008 6:17:31 PM    518031    C:\Program Files\NoAdware\NoAdwareBackup
12/27/2008 7:24:11 AM    33752    C:\Program Files\NOS
12/27/2008 7:24:11 AM    33752    C:\Program Files\NOS\bin
12/24/2008 11:53:02 AM    1911015    C:\Program Files\Security Solutions Antispyware
12/24/2008 11:54:12 AM    9688    C:\Program Files\Security Solutions Antispyware\backups
12/27/2008 2:16:02 PM    407316    C:\Program Files\Trend Micro
12/27/2008 2:16:02 PM    407316    C:\Program Files\Trend Micro\HijackThis

====== Files under "\System32\Drivers" Last 30 Days======

12/11/2008 4:26:43 PM    21504    32    C:\WINDOWS\SYSTEM32\DRIVERS\hidserv.dll
12/11/2008 4:28:06 PM    0    34    C:\WINDOWS\SYSTEM32\DRIVERS\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
12/11/2008 4:28:11 PM    0    34    C:\WINDOWS\SYSTEM32\DRIVERS\Msft_Kernel_NuidFltr_01005.Wdf

====== Files under "\User\Local Settings\Temp" Last 30 Days======

12/31/2008 8:37:46 AM    0    34    C:\Documents and Settings\Allan Parker\Local Settings\Temp\etilqs_2QPCwjMixkLLCk5Cl8gT
12/31/2008 8:47:44 AM    14658    33    C:\Documents and Settings\Allan Parker\Local Settings\Temp\FileLister.zip
12/30/2008 8:19:57 AM    16384    32    C:\Documents and Settings\Allan Parker\Local Settings\Temp\~DF47A4.tmp

====== Files and Folders under "All Users\Application Data" Last 30 Days======

12/27/2008 7:24:11 AM    299    C:\Documents and Settings\All Users\Application Data\NOS
12/27/2008 11:54:48 AM    15360    C:\Documents and Settings\All Users\Application Data\SITEguard
12/27/2008 11:50:15 AM    580162    C:\Documents and Settings\All Users\Application Data\STOPzilla!
12/27/2008 11:50:15 AM    0    C:\Documents and Settings\All Users\Application Data\STOPzilla!\Quarantine

 ====== Possible Rootkit Scan (Note: Items listed here are not necessarily bad)======


====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

====== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
RoboForm

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
scriptproxy

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}


====== Services ( Services that are Whitelisted are not shown) ======

 Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"  - Disabled

 CarboniteService (CarboniteService) "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe"  - Auto

 DSBrokerService (DSBrokerService) "C:\Program Files\DellSupport\brkrsvc.exe"  - Disabled

 getPlus(R) Helper (getPlus(R) Helper) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe  - Manual

 McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"  - Auto

 Intel(R) NMS (NMSSvc) C:\WINDOWS\System32\NMSSvc.exe  - Manual

 NVIDIA Display Driver Service (NVSvc) C:\WINDOWS\system32\nvsvc32.exe  - Auto


====== Running Processes ======

System Idle Process   [0]  
System   [4]  
smss.exe   [552]   \SystemRoot\System32\smss.exe
csrss.exe   [604]  
winlogon.exe   [628]   winlogon.exe
services.exe   [672]   C:\WINDOWS\system32\services.exe
lsass.exe   [684]   C:\WINDOWS\system32\lsass.exe
svchost.exe   [836]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [944]  
svchost.exe   [1048]   C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe   [1112]  
svchost.exe   [1284]  
spoolsv.exe   [1516]   C:\WINDOWS\system32\spoolsv.exe
explorer.exe   [1564]   C:\WINDOWS\Explorer.EXE
CarboniteService.exe   [184]   "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe"
McSACore.exe   [220]   "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"
mcmscsvc.exe   [356]   C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc.exe   [508]   "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McProxy.exe   [872]   c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
Mcshield.exe   [1076]   C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
MpfSrv.exe   [1224]   "C:\Program Files\McAfee\MPF\MPFSrv.exe"
mcagent.exe   [1320]   c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
nvsvc32.exe   [1452]   C:\WINDOWS\system32\nvsvc32.exe
HPZipm12.exe   [1640]   C:\WINDOWS\system32\HPZipm12.exe
svchost.exe   [1712]   C:\WINDOWS\System32\svchost.exe -k imgsvc
alg.exe   [2780]  
mcsysmon.exe   [2976]   C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
CarboniteUI.exe   [3620]   "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
robotaskbaricon.exe   [3700]   "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ctfmon.exe   [3708]   "C:\WINDOWS\system32\ctfmon.exe"
spambutcher.exe   [3804]   "C:\Program Files\SpamButcher\spambutcher.exe"
msmsgs.exe   [1336]   "C:\Program Files\Messenger\msmsgs.exe" -Embedding
dllhost.exe   [1756]   C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
msdtc.exe   [2260]  
AcroRd32.exe   [10144]   "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe" /o /eo /l /b
msimn.exe   [6932]   "C:\Program Files\Outlook Express\msimn.exe"
wmplayer.exe   [11848]   "C:\Program Files\Windows Media Player\wmplayer.exe"  /prefetch:7 /Open "C:\Documents and Settings\Allan Parker\Local Settings\Temporary Internet Files\Content.IE5\S31PK9IR\Champions.wmv"
u2bk7mM4.exe   [8356]   "C:\WINDOWS\system32\u2bk7mM4.exe"
firefox.exe   [11232]   "C:\Program Files\Mozilla Firefox\firefox.exe"
vssvc.exe   [5392]   C:\WINDOWS\System32\vssvc.exe
dllhost.exe   [9576]   C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
WINZIP32.EXE   [988]   "C:\PROGRA~1\WINZIP\winzip32.exe" "C:\DOCUME~1\ALLANP~1\LOCALS~1\Temp\FileLister.zip"
iexplore.exe   [12276]  
wscript.exe   [6148]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Allan Parker\Desktop\FileLister.vbe"
wmiprvse.exe   [9820]  
wmiprvse.exe   [6048]  

====== Uninstall List From Registry ======
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
AI RoboForm (All Users)
Atomic Clock Sync
Canon Camera Access Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Carbonite
MetaFrame Presentation Server Web Client for Win32
Conexant SmartHSFi V92 56K DF PCI Modem
Conexant D850 56K V.9x DFVc Modem

Canon Camera Support Core Library
Canon Utilities EOS Utility

HijackThis 2.0.2
Microsoft Office Home and Student 2007
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Image Zone 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3

Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 5 Web Accessories
Windows Internet Explorer 7

Maxtor OneTouch
Microsoft Data Access Components KB870669
Windows Media Format SDK Hotfix - KB891122
Windows Genuine Advantage Validation Tool (KB892130)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows Internet Explorer 7 (KB960714)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework (English) v1.0.3705
Canon MovieEdit Task for ZoomBrowser EX
Mozilla Firefox (3.0.5)
McAfee SecurityCenter
Microsoft Compression Client Pack 1.0 for Windows XP
USB Storage Adapter FX (MXO)

Microsoft National Language Support Downlevel APIs
NVIDIA Display Driver
NVIDIA Drivers
Canon Utilities PhotoStitch
Intel(R) PRO Ethernet Adapter and Software
LiveUpdate (Symantec Corporation)
Canon RAW Image Task for ZoomBrowser EX
RealPlayer
Registry Mechanic 7.0
Canon RemoteCapture Task for ZoomBrowser EX

Security Solutions Antispyware 3.0.0
Adobe Flash Player 9 ActiveX
SpamButcher 2.1
TaxACT 2003
TaxACT 2004
TaxACT 2005
TaxACT 2006
TaxACT 2007
TaxACT 2008
TaxACT Virginia 2003
TaxACT Virginia 2004
TaxACT Virginia 2005
TaxACT Virginia 2006
TaxACT Virginia 2007
ThumbsPlus 7.0 SP1 Build 2234
ThumbsPlus Digicam Raw Plug-in
ThumbsPlus version 7 SP2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Notifications (KB905474)
Windows Live Safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft Works 2003 Setup Launcher
Microsoft User-Mode Driver Framework Feature Pack 1.0
Canon Utilities ZoomBrowser EX
Intel(R) PROSet II
PhotoGallery
CP_Package_Variety1
Destinations
Qualxserve Service Agreement
Dell Solution Center
Windows Installer Clean Up
3100_3200_3300trb
Dell Picture Studio - Dell Image Expert
DocumentViewer
CP_Package_Variety3
Sonic_PrimoSDK
Rhapsody Player Engine
Maxtor OneTouch
CP_Panorama1Config
Unload
TrayApp
J2SE Runtime Environment 5.0 Update 6
InstantShareDevices
WebFldrs XP
Microsoft Picture It! Photo 7.0
CP_CalendarTemplates1
MSXML 4.0 SP2 (KB927978)
HP PSC & OfficeJet 5.3.A
Microsoft Windows Journal Viewer
Dell Support
MUSICMATCH® Jukebox
3300
ProductContextNPI
FullDPAppQFolder
NewCopy_CDA
RandMap
WebReg
Aura
CP_Package_Basic1
MarketResearch
DeviceFunctionQFolder
Windows Genuine Advantage v1.3.0254.0
SkinsHP1
eSupportQFolder
Symantec Network Driver Update
DocProc
CustomerResearchQFolder
MSXML 4.0 SP2 Parser and SDK
Microsoft Visual C++ 2005 Redistributable
ParetoLogic Privacy Controls
Microsoft Works 7.0
Windows Backup Utility
DocumentViewerQFolder
CP_AtenaShokunin1Config
Microsoft Works Suite Add-in for Microsoft Word
DellSupport
MSXML 4.0 SP2 (KB954430)
HP Update
Microsoft Software Update for Web Folders  (English) 12
Microsoft Office Excel MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office PowerPoint MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Word MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (French) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (Spanish) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Compatibility Pack for the 2007 Office system
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Help and Support Customization
Microsoft Office Home and Student 2007
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Visio 2007 (KB947590)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB956828)
Update for Office 2007 (KB946691)
Security Update for 2007 Microsoft Office System (KB951550)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Readme
ScannerCopy
CueTour
Windows Defender Signatures
MSXML 4.0 SP2 (KB925672)
DeviceManagementQFolder
Adobe Reader 8.1.3
AiO_Scan_CDA
Spybot - Search & Destroy
Microsoft .NET Framework (English)
PanoStandAlone
Microsoft .NET Framework 2.0 Service Pack 1
Fax_CDA
AiOSoftwareNPI
CP_Package_Variety2
BufferChm
MSXML 4.0 SP2 (KB936181)
Scan
Dr Watson for Microsoft Windows OneCare Live v1.0.0971.12
Microsoft .NET Framework 1.1
GearDrvs
Works Suite OS Pack
Dell ResourceCD
HPProductAssistant
SolutionCenter
Microsoft IntelliPoint 5.4
3100_3200_3300_Help
Status
HighMAT Extension to Microsoft Windows XP CD Writing Wizard

======== Other Info ========

TOTAL PHYSICAL RAM: 1073 MB

December 31st, 2008 11:00


allanparker1

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file.
  • Extract avenger.exe to your Desktop (help on extracting (decompressing) zipped or compressed files is in the link here: ).

2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\u2bk7mM4.exe
C:\WINDOWS\SYSTEM32\u2bk7mM4.exe.a_a


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"

4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log.

January 1st, 2009 05:00

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\SYSTEM32\u2bk7mM4.exe" deleted successfully.
File "C:\WINDOWS\SYSTEM32\u2bk7mM4.exe.a_a" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:16 AM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpamButcher\spambutcher.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.13&build=Symantec&a=00000082.00000003.00000008&b=00000082.00000006.0000000c&c=00000082.00000007.0000000f&d=00000082.00000045.00000119&e=00000082.00000045.0000011b&f=00000083.00000028.000000D8&g=00000083.0000002C.000000E2.DMTemp
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: SpamButcher.lnk = C:\Program Files\SpamButcher\spambutcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10964 bytes
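
As an added triage example, not code from this thread or from HijackThis or Avenger: a small Python parser for the "Running processes" section of an HJT log that scores each file name for the constantly alternating letter/digit/case pattern seen in u2bk7mM4.exe, so a reviewer can spot such names quickly in a long log. The sample log lines and the 0.6 threshold are constructed assumptions.

```python
"""Heuristic triage of a HijackThis 'Running processes' block (added example).

Legitimate names (smss, HPZipm12, mcshield) have long runs of one character
class; machine-generated names like u2bk7mM4 switch class almost every char.
"""
from pathlib import PureWindowsPath

# Constructed sample shaped like the thread's HJT logs (not a real capture).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\HPZipm12.exe
C:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcshield.exe
C:\\WINDOWS\\system32\\u2bk7mM4.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the blank line."""
    paths, in_block = [], False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_block = True
            continue
        if in_block:
            if not line.strip():
                break
            paths.append(line.strip())
    return paths


def _char_class(c):
    """Classify a character as digit, upper-case or lower-case/other."""
    if c.isdigit():
        return "d"
    return "U" if c.isupper() else "l"


def randomness_score(stem):
    """Fraction of adjacent character pairs whose class changes (0.0 to 1.0)."""
    if len(stem) < 2:
        return 0.0
    switches = sum(_char_class(a) != _char_class(b) for a, b in zip(stem, stem[1:]))
    return switches / (len(stem) - 1)


def suspicious_processes(log_text, min_len=6, threshold=0.6):
    """Paths whose file name has a digit and scores at or above the threshold."""
    hits = []
    for path in running_processes(log_text):
        stem = PureWindowsPath(path).stem
        if (len(stem) >= min_len and any(c.isdigit() for c in stem)
                and randomness_score(stem) >= threshold):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for p in suspicious_processes(SAMPLE_LOG):
        print("suspicious:", p)
```

The score is a screening aid only: a hit still needs to be confirmed against the file's publisher, location and autostart entries before anything is deleted.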

January 2nd, 2009 11:00

That did it, I haven't seen a stray pop up or obnoxious audio in a couple of days. Thank You very much. You folks are terrific and God bless.


Al Parker

10.4K Posts

January 5th, 2009 07:00


allanparker1

That's good news.

You may now remove/delete/uninstall the tools we used to clean your PC.

Now that your log is clean

There are some final notes:

  • Let's create a clean System Restore point; the instructions are here

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.u11.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis
  • To a disc or a USB key, not your hard drive

You may want to read this article, "So how did I get infected in the first place?" by Tony Klein

surf safe
