8 Posts

December 2nd, 2007 13:00

Need Help with removing "webcry" google search redirect

Here is my HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:15:51 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\bbasar\Desktop\HiJackThis_v2.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/USSC0003?from=recentsearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Joexccjv\hfvqfuuo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ktobcvcv] rundll32.exe "C:\Program Files\ktobcvcv\krkzqtox.dll",Init
O4 - HKLM\..\Run: [dkpizupm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dkpizupm.dll"
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2005/avalon/key_features/ext360.html?noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://70.148.218.162/cab/OCXChecker_6110.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://tomleis.info/voyager/activexviewer9.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://192.168.0.5/ConnectComputer/nshelp.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://tomleis.info/Remote/msrdp.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://70.148.218.162/cab/DownloadFile_6110.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BasarGroup.local
O17 - HKLM\Software\..\Telephony: DomainName = BasarGroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BasarGroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BasarGroup.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 10599 bytes
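A helper's first pass over a log like the one above is a triage read: which entries are orphaned, which load a DLL from an odd place, which carry an eight-letter gibberish name. The Python below is an added example and not part of this thread or of HijackThis; the sample lines are copied from the log above, the choice of lines and the heuristics are the example's own. It parses the R*/O* line format and flags five kinds of entry that the replies in this thread go on to target: references to a file that no longer exists, BHOs registered with no name, O4 Run entries that start `rundll32`/`regsvr32` on a DLL outside the Windows directory, O16 ActiveX packages fetched from a bare IP address, and random-looking 8-letter names in paths or Run-entry names.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    reason: str
    line: str


# Constructed sample in HijackThis 2.0 log format. The entries are copied from
# the log posted at the top of this thread; which ones to include is this
# example's own choice, and the heuristics below are not HijackThis's.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Joexccjv\hfvqfuuo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ktobcvcv] rundll32.exe "C:\Program Files\ktobcvcv\krkzqtox.dll",Init
O4 - HKLM\..\Run: [dkpizupm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dkpizupm.dll"
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://70.148.218.162/cab/OCXChecker_6110.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "O4 - <body>"
RUN_RE = re.compile(r"\[([^\]]+)\]\s*(.*)$")          # O4 body: "...Run: [name] command"
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.I)
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/", re.I)
VOWELS = set("aeiouy")
LOADERS = ("rundll32", "regsvr32")


def looks_random(name: str) -> bool:
    """Heuristic for the gibberish names in this thread (Joexccjv, ktobcvcv,
    dkpizupm ...): exactly 8 letters, at most two vowels, and a run of three
    or more consonants. A triage lead, not a verdict: vowel-poor vendor names
    such as KHALMNPR trip it too."""
    if len(name) != 8 or not name.isalpha():
        return False
    lower = name.lower()
    vowels = sum(c in VOWELS for c in lower)
    longest = run = 0
    for c in lower:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels <= 2 and longest >= 3


def parse_hjt(text: str):
    """Yield (section, body) for every R*/O* line; everything else is skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def name_tokens(body: str) -> List[str]:
    """Leading alphabetic token of each backslash-separated path component,
    plus the [name] of an O4 Run entry, de-duplicated in order."""
    tokens = []
    for comp in body.split("\\"):
        m = re.match(r"[A-Za-z]+", comp.strip().strip('"'))
        if m:
            tokens.append(m.group(0))
    run = RUN_RE.search(body)
    if run:
        tokens.append(run.group(1))
    return list(dict.fromkeys(tokens))


def triage(text: str) -> List[Finding]:
    """Run the heuristics over a log and return every hit, in log order."""
    findings: List[Finding] = []
    for section, body in parse_hjt(text):
        line = f"{section} - {body}"
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("orphaned entry: target file is missing", line))
        if section == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding("BHO registered without a name", line))
        if section == "O4":
            run = RUN_RE.search(body)
            if run and run.group(2).lower().startswith(LOADERS):
                dll = DLL_RE.search(run.group(2))
                if dll and not dll.group(1).lower().startswith("c:\\windows\\"):
                    findings.append(Finding("rundll32/regsvr32 loads a DLL from outside the Windows directory", line))
        if section == "O16" and IP_URL_RE.search(body):
            findings.append(Finding("ActiveX package fetched from a bare IP address", line))
        odd = [t for t in name_tokens(body) if looks_random(t)]
        if odd:
            findings.append(Finding("random-looking 8-letter name(s): " + ", ".join(odd), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

Run against the ten sample lines, six are flagged and the four legitimate ones (the Adobe BHO, the NVIDIA `rundll32` entry that loads from `C:\WINDOWS\system32`, iTunesHelper and the Microsoft O16 package) are not. The flagged entries are exactly the ones the helper's later CFScript and ComboFix runs remove, which is the point of a triage script: it orders the reading, it does not decide. The name heuristic in particular would also flag the log's `KHALMNPR.EXE`, a legitimate Logitech component, so every hit still needs a file-version or vendor check before anything is deleted.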

10.4K Posts

December 3rd, 2007 15:00


bbasar

It will take a few runs at this to completely remove, so please be patient

1. Click here to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to Press any key to continue.

Select 1 and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically be saved to your desktop or whatever location you ran the file from.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Microsoft MVP Windows-Security

"The world is what you make of it"

8 Posts

December 3rd, 2007 16:00

Hi Bamajim,
 
Here is the new log...   unfortunately it didn't seem to find anything...
 

  Find AWF report by noahdfear ©2006
               Version 1.40
The current date is: Mon 12/03/2007
The current time is: 12:54:13.46

  bak folders found
  ~~~~~~~~~~~
 
  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~
 
  end of report

10.4K Posts

December 3rd, 2007 17:00

bbasar

Good.

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

8 Posts

December 3rd, 2007 19:00

Ok here's the "combofix" log....   looks like it found some items...
 
ComboFix 07-12-02.7 - bbasar 2007-12-03 16:14:30.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.342 [GMT -5:00]
Running from: C:\Documents and Settings\bbasar\Desktop\ComboFix.exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\dkpizupm.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\SecCenter\scprot4.exe.bak
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\?dobe\
C:\WINDOWS\Downloaded Program Files\Odyssey4
C:\WINDOWS\Downloaded Program Files\Odyssey4\dataset.dat
C:\WINDOWS\Downloaded Program Files\Odyssey4\odysseycam.exe
C:\WINDOWS\Downloaded Program Files\Odyssey4\odysseychat.dll
C:\WINDOWS\Downloaded Program Files\Odyssey4\Version.ini
C:\WINDOWS\Downloaded Program Files\Odyssey4\xcl.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\tnrtmwuk
C:\WINDOWS\system32\tnrtmwuk\bg1.gif
C:\WINDOWS\system32\tnrtmwuk\bgtop.gif
C:\WINDOWS\system32\tnrtmwuk\bottom1.gif
C:\WINDOWS\system32\tnrtmwuk\essentials.gif
C:\WINDOWS\system32\tnrtmwuk\icon1.ico
C:\WINDOWS\system32\tnrtmwuk\install1.gif
C:\WINDOWS\system32\tnrtmwuk\left1.gif
C:\WINDOWS\system32\tnrtmwuk\li.gif
C:\WINDOWS\system32\tnrtmwuk\logo.gif
C:\WINDOWS\system32\tnrtmwuk\main.htm
C:\WINDOWS\system32\tnrtmwuk\mainframe.htm
C:\WINDOWS\system32\tnrtmwuk\reinstall1.gif
C:\WINDOWS\system32\tnrtmwuk\right1.gif
C:\WINDOWS\system32\tnrtmwuk\s1.htm
C:\WINDOWS\system32\tnrtmwuk\s2.htm
C:\WINDOWS\system32\tnrtmwuk\s3.htm
C:\WINDOWS\system32\tnrtmwuk\SMTop1.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop2.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop3.gif
C:\WINDOWS\system32\tnrtmwuk\SMTop4.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft1_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft2_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_off_ext.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on.gif
C:\WINDOWS\system32\tnrtmwuk\soft3_on_ext.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_off.gif
C:\WINDOWS\system32\tnrtmwuk\softbottom_on.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_off.gif
C:\WINDOWS\system32\tnrtmwuk\softleft_on.gif
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk1.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk2.exe
C:\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe
C:\WINDOWS\system32\tnrtmwuk\top1.gif
C:\WINDOWS\system32\tnrtmwuk\top2.gif
C:\WINDOWS\system32\tnrtmwuk\turnoff1.gif
C:\WINDOWS\system32\tnrtmwuk\turnon1.gif
.
(((((((((((((((((((((((((   Files Created from 2007-11-03 to 2007-12-03  )))))))))))))))))))))))))))))))
.
2007-12-01 21:43 . 2007-12-01 21:43   d-------- C:\WINDOWS\SDFIX
2007-12-01 19:47 . 2007-12-01 19:47   d-------- C:\VundoFix Backups
2007-12-01 19:39 . 2007-12-02 21:40   d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-27 16:22 . 2007-11-27 16:22   d-------- C:\WINDOWS\system32\DRM
2007-11-25 00:30 . 2007-12-01 22:58   d-------- C:\Program Files\Spyware Doctor
2007-11-25 00:30 . 2007-11-25 00:30   d-------- C:\Documents and Settings\bbasar\Application Data\PC Tools
2007-11-25 00:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 00:30 . 2007-11-28 10:51 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-25 00:30 . 2007-11-28 10:51 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-25 00:30 . 2007-11-28 10:51 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-25 00:30 . 2007-11-28 10:51 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-25 00:14 . 2007-12-01 19:12   d-------- C:\Program Files\Enigma Software Group
2007-11-24 14:46 . 2007-11-24 14:46   d-------- C:\Program Files\MSBuild
2007-11-24 14:41 . 2007-11-24 15:27   d-------- C:\WINDOWS\system32\XPSViewer
2007-11-24 14:40 . 2007-11-24 14:40   d-------- C:\Program Files\Reference Assemblies
2007-11-24 14:39 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-24 14:38 . 2007-11-24 14:38   d-------- C:\Program Files\MSXML 6.0
2007-11-24 14:30 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-24 14:30 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-24 14:30 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-11-23 18:09 . 2007-11-23 18:09   d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-11-23 18:08 . 2007-11-23 18:08   d-------- C:\Program Files\Siber Systems
2007-11-23 18:06 . 2007-11-23 18:06   d-------- C:\Program Files\Digital Locker Assistant
2007-11-23 10:01 . 2007-11-23 10:01   d-------- C:\Program Files\Joexccjv
2007-11-22 23:03 . 2007-11-22 23:03   d-------- C:\Program Files\Mrtcfmcr
2007-11-22 23:03 . 2007-11-22 23:03   d-------- C:\Program Files\ktobcvcv
2007-11-22 22:53 . 2007-11-22 22:53   d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 18:24 . 2007-11-21 18:24   d-------- C:\Program Files\BitTorrent
2007-11-21 17:55 . 2007-11-21 18:00   d-------- C:\Program Files\KaZaA
2007-11-14 17:54 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-11-14 17:54 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-11-05 11:41 . 2007-11-10 07:04   d-------- C:\WINDOWS\SxsCaPendDel
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 21:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 21:32 21 ----a-w C:\qpmd8376.bin
2007-12-03 02:30 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 00:41 --------- d-----w C:\Program Files\Google
2007-12-02 00:14 --------- d-----w C:\Program Files\Common Files\Cloudmark
2007-11-25 05:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 22:01 --------- d-----w C:\Documents and Settings\bbasar\Application Data\BitTorrent
2007-11-23 20:15 --------- d-----w C:\Program Files\SpeedBid
2007-11-23 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 01:08 --------- d-----w C:\Program Files\Quicken
2007-11-14 15:46 --------- d-----w C:\Program Files\SecondLife
2007-11-05 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-28 06:08 --------- d-----w C:\Documents and Settings\bbasar\Application Data\AdobeUM
2007-10-24 20:29 --------- d-----w C:\Program Files\Avery Dennison
2007-10-24 19:16 --------- d-----w C:\Program Files\Common Files\HP
2007-10-23 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2007-10-23 15:30 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-23 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-12 04:23 --------- d-----w C:\Program Files\Java
2007-10-05 02:12 --------- d-----w C:\Program Files\iTunes
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}]
2007-11-23 10:01 106496 --a------ C:\Program Files\Joexccjv\hfvqfuuo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 21:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 20:55]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-11-28 10:52]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-01 19:39:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 20:56 11504 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent"
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\RaInfo.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 gtermddo;gtermddo;\??\C:\DOCUME~1\bbasar\LOCALS~1\Temp\gtermddo.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648bda7c-5a73-11db-b706-0080adc1923c}]
\Shell\AutoRun\command - G:\PdtGuide.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3eecf9-4a79-11db-b6ff-0080adc1923c}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 00:59:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-03 09:15:00 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 16:34:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-03 16:38:49 - machine was rebooted
.
 --- E O F ---

10.4K Posts

December 4th, 2007 18:00


bbasar

1. Open NotePad (not wordpad). Copy and paste the following into Notepad


File::
C:\qpmd8376.bin

Folder::
C:\Program Files\Joexccjv
C:\Program Files\Mrtcfmcr
C:\Program Files\ktobcvcv

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe
  • You will be prompted to run Combofix again, Do so
  • Following the same rules as indicated in my first post
  • Then post the contents of the C:\ComboFix.txt log in your reply

8 Posts

December 4th, 2007 19:00

Hi Bamajim...
 
Here's the new combofix log...
 
ComboFix 07-12-02.7 - bbasar 2007-12-04 15:47:09.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.462 [GMT -5:00]
Running from: C:\Documents and Settings\bbasar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\bbasar\Desktop\CFScript.txt
 * Created a new restore point
FILE
C:\qpmd8376.bin
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Joexccjv
C:\Program Files\Joexccjv\hfvqfuuo.dll
C:\Program Files\ktobcvcv
C:\Program Files\ktobcvcv\krkzqtox.dll
C:\Program Files\Mrtcfmcr
C:\Program Files\Mrtcfmcr\fumqgmzh.dll
C:\qpmd8376.bin
.
(((((((((((((((((((((((((   Files Created from 2007-11-04 to 2007-12-04  )))))))))))))))))))))))))))))))
.
2007-12-01 21:43 . 2007-12-01 21:43   d-------- C:\WINDOWS\SDFIX
2007-12-01 19:47 . 2007-12-01 19:47   d-------- C:\VundoFix Backups
2007-12-01 19:39 . 2007-12-03 22:40   d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-27 16:22 . 2007-11-27 16:22   d-------- C:\WINDOWS\system32\DRM
2007-11-25 00:30 . 2007-12-01 22:58   d-------- C:\Program Files\Spyware Doctor
2007-11-25 00:30 . 2007-11-25 00:30   d-------- C:\Documents and Settings\bbasar\Application Data\PC Tools
2007-11-25 00:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 00:30 . 2007-11-28 10:51 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-25 00:30 . 2007-11-28 10:51 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-25 00:30 . 2007-11-28 10:51 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-25 00:30 . 2007-11-28 10:51 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-25 00:14 . 2007-12-01 19:12   d-------- C:\Program Files\Enigma Software Group
2007-11-24 14:46 . 2007-11-24 14:46   d-------- C:\Program Files\MSBuild
2007-11-24 14:41 . 2007-11-24 15:27   d-------- C:\WINDOWS\system32\XPSViewer
2007-11-24 14:40 . 2007-11-24 14:40   d-------- C:\Program Files\Reference Assemblies
2007-11-24 14:39 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-24 14:38 . 2007-11-24 14:38   d-------- C:\Program Files\MSXML 6.0
2007-11-24 14:30 . 2006-11-13 01:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-24 14:30 . 2006-11-13 01:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-24 14:30 . 2006-11-13 01:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-11-23 18:09 . 2007-11-23 18:09   d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-11-23 18:08 . 2007-11-23 18:08   d-------- C:\Program Files\Siber Systems
2007-11-23 18:06 . 2007-11-23 18:06   d-------- C:\Program Files\Digital Locker Assistant
2007-11-22 22:53 . 2007-11-22 22:53   d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-21 18:24 . 2007-11-21 18:24   d-------- C:\Program Files\BitTorrent
2007-11-21 17:55 . 2007-11-21 18:00   d-------- C:\Program Files\KaZaA
2007-11-14 17:54 . 2007-07-26 17:13 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-11-14 17:54 . 2007-07-26 17:13 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-11-05 11:41 . 2007-11-10 07:04   d-------- C:\WINDOWS\SxsCaPendDel
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 20:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-03 02:30 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 00:41 --------- d-----w C:\Program Files\Google
2007-12-02 00:14 --------- d-----w C:\Program Files\Common Files\Cloudmark
2007-11-25 05:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 22:01 --------- d-----w C:\Documents and Settings\bbasar\Application Data\BitTorrent
2007-11-23 20:15 --------- d-----w C:\Program Files\SpeedBid
2007-11-23 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 01:08 --------- d-----w C:\Program Files\Quicken
2007-11-14 15:46 --------- d-----w C:\Program Files\SecondLife
2007-11-05 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-28 06:08 --------- d-----w C:\Documents and Settings\bbasar\Application Data\AdobeUM
2007-10-24 20:29 --------- d-----w C:\Program Files\Avery Dennison
2007-10-24 19:16 --------- d-----w C:\Program Files\Common Files\HP
2007-10-23 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2007-10-23 15:30 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-23 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-12 04:23 --------- d-----w C:\Program Files\Java
2007-10-05 02:12 --------- d-----w C:\Program Files\iTunes
.
(((((((((((((((((((((((((((((   snapshot@2007-12-03_16.36.02.23   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-02 17:10:47 72,140 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-03 21:37:25 72,140 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-02 17:10:47 443,190 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-03 21:37:25 443,190 ----a-w C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 21:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"nwiz"="nwiz.exe" [2003-07-28 15:19 C:\WINDOWS\system32\nwiz.exe]
"RegistryMechanic"="" []
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-10-06 20:55]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-01 19:39:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 20:56 11504 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;C:\CFusionMX\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent"
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\RaInfo.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
S3 gtermddo;gtermddo;\??\C:\DOCUME~1\bbasar\LOCALS~1\Temp\gtermddo.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648bda7c-5a73-11db-b706-0080adc1923c}]
\Shell\AutoRun\command - G:\PdtGuide.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3eecf9-4a79-11db-b6ff-0080adc1923c}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 00:59:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-04 09:15:00 C:\WINDOWS\Tasks\SpyHunter Scanner.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 15:54:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 15:57:16 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-03 16:38
.
 --- E O F ---

10.4K Posts

December 4th, 2007 19:00

bbasar
 
Good work. Post a fresh HijackThis log.

Microsoft MVP Windows-Security

"The world is what you make of it"

8 Posts

December 4th, 2007 20:00

Thanks Bamajim... the redirect seems to be gone now... You Da Man!
 
Here's the new Hijack This Log....
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:27, on 2007-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\bbasar\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/USSC0003?from=recentsearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2005/avalon/key_features/ext360.html?noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://70.148.218.162/cab/OCXChecker_6110.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://tomleis.info/voyager/activexviewer9.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://192.168.0.5/ConnectComputer/nshelp.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://tomleis.info/Remote/msrdp.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://70.148.218.162/cab/DownloadFile_6110.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BasarGroup.local
O17 - HKLM\Software\..\Telephony: DomainName = BasarGroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BasarGroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BasarGroup.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 9459 bytes

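The two logs above are being read by hand, and the entries that earn a second look are the same few patterns each time: a driver registered from a user's Temp directory (the S3 gtermddo line in the ComboFix "Reg Loading Points" section), AutoRun commands kept under MountPoints2 for mounted volumes, HijackThis entries that end in (no file), O16 ActiveX downloads served from a raw IP address, and O23 services with no publisher string. The script below applies those rules to lines excerpted from both the ComboFix log and the HijackThis log posted above. It is an added example, not code from HijackThis, ComboFix or either poster; the rules, the severity labels and the single O4 line marked "constructed" are this example's assumptions, and a hit means "verify", not "malware" (legitimate tools, rootkit scanners among them, can also register short-lived drivers under Temp).

```python
"""Triage autostart and loading-point lines from HijackThis and ComboFix logs.

Added example for this thread; it is not code from HijackThis, ComboFix or the
posters. The sample lines are excerpted from the logs posted above (one O4 line
is constructed and marked as such); the rules and severity labels are this
example's own assumptions, and every hit means "verify", not "malware".
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Excerpted from the ComboFix and HijackThis logs in this thread, plus one
# constructed O4 line (marked) to exercise the user-writable-path rule.
SAMPLE_LOG = r"""
S3 gtermddo;gtermddo;\??\C:\DOCUME~1\bbasar\LOCALS~1\Temp\gtermddo.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
\Shell\AutoRun\command - G:\LaunchU3.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://70.148.218.162/cab/OCXChecker_6110.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://192.168.0.5/ConnectComputer/nshelp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\bbasar\Local Settings\Temp\example.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low" (this example's labels)
    reason: str
    line: str


_CF_SERVICE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+)$")   # ComboFix "Rn name;display;image"
_HJT_ENTRY = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")            # HijackThis "Onn - ..." / "Rn - ..."
_URL = re.compile(r"https?://\S+")
_USER_WRITABLE = re.compile(r"\\Temp\\|LOCALS~1|\\Application Data\\|\\Local Settings\\", re.I)


def _host_kind(url: str) -> Optional[str]:
    """'lan' or 'public_ip' when the URL host is a bare IP address, None for a hostname."""
    host = urlparse(url).hostname
    if not host:
        return None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return "lan" if ip.is_private else "public_ip"


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules to one log line; None means nothing worth a second look."""
    line = line.strip()
    m = _CF_SERVICE.match(line)
    if m:                                     # ComboFix driver/service entry
        if _USER_WRITABLE.search(m.group(3)):
            return Finding("high", "driver/service image under a user-writable directory", line)
        return None
    if "\\Shell\\AutoRun\\command" in line:   # MountPoints2 entry for a mounted volume
        return Finding("medium", "AutoRun command registered for a mounted volume (MountPoints2)", line)
    m = _HJT_ENTRY.match(line)
    if not m:
        return None
    kind, body = m.groups()
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        return Finding("low", "orphaned entry: registered object is no longer on disk", line)
    if kind == "O16":                         # ActiveX control in Downloaded Program Files
        url = _URL.search(body)
        host_kind = _host_kind(url.group(0)) if url else None
        if host_kind == "public_ip":
            return Finding("medium", "ActiveX control served from a raw public IP instead of a hostname", line)
        if host_kind == "lan":
            return Finding("low", "ActiveX control fetched from a LAN address", line)
        return None
    if kind == "O23" and "Unknown owner" in body:
        return Finding("low", "service binary carries no publisher string", line)
    if kind == "O4" and _USER_WRITABLE.search(body):
        return Finding("high", "Run entry launching from a user-writable directory", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """All findings for a log, highest severity first (stable within a severity)."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The LAN hit (192.168.0.5/ConnectComputer) and the "Unknown owner" ColdFusion services illustrate why the output is a review list rather than a verdict: on a domain-joined office machine both are ordinary, while the same patterns on a home PC would deserve a closer look.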
10.4K Posts

December 4th, 2007 23:00

bbasar

You are most welcome. Let's look at one more thing.

Please perform an Ewido Online Malware Scan

  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.
8 Posts

December 5th, 2007 22:00

Name: TrackingCookie.2o7
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@2o7[1].txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@a.as-us.falkag[1].txt
Risk: Medium
Name: TrackingCookie.Addynamix
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@addynamix[2].txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@ads.pointroll[1].txt
Risk: Medium
Name: TrackingCookie.Specificpop
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@ads.specificpop[2].txt
Risk: Medium
Name: TrackingCookie.X10
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@ads.x10[2].txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@as-us.falkag[2].txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@as1.falkag[2].txt
Risk: Medium
Name: TrackingCookie.Bluestreak
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@bluestreak[1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@.serving-sys[1].txt
Risk: Medium
Name: TrackingCookie.Centrport
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@centrport[2].txt
Risk: Medium
Name: TrackingCookie.Bridgetrack
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@citi.bridgetrack[2].txt
Risk: Medium
Name: TrackingCookie.Clickbank
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@clickbank[1].txt
Risk: Medium
Name: TrackingCookie.Dealtime
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@dealtime[2].txt
Risk: Medium
Name: TrackingCookie.Ru4
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@edge.ru4[1].txt
Risk: Medium
Name: TrackingCookie.Findwhat
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@findwhat[1].txt
Risk: Medium
Name: TrackingCookie.Hotlog
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@hotlog[1].txt
Risk: Medium
Name: TrackingCookie.Info
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@msxml.us.info[1].txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@pointroll[1].txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@questionmarket[2].txt
Risk: Medium
Name: TrackingCookie.Bridgetrack
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@rccl.bridgetrack[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@realguide.real[1].txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@realmedia[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@real[2].txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@revenue[1].txt
Risk: Medium
Name: TrackingCookie.Msn
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@search.msn[1].txt
Risk: Medium
Name: TrackingCookie.Info
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@search.us.info[1].txt
Risk: Medium
Name: TrackingCookie.Liveperson
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@server.iad.liveperson[1].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Spylog
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@spylog[1].txt
Risk: Medium
Name: TrackingCookie.Dealtime
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@stat.dealtime[2].txt
Risk: Medium
Name: TrackingCookie.Onestat
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@stat.onestat[2].txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@statcounter[1].txt
Risk: Medium
Name: TrackingCookie.Trafficmp
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@trafficmp[1].txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@tribalfusion[1].txt
Risk: Medium
Name: TrackingCookie.Info
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@us.info[2].txt
Risk: Medium
Name: TrackingCookie.Realtracker
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@web4.realtracker[1].txt
Risk: Medium
Name: TrackingCookie.Adobe
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@www.adobe[1].txt
Risk: Medium
Name: TrackingCookie.Myaffiliateprogram
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@www.myaffiliateprogram[2].txt
Risk: Medium
Name: TrackingCookie.Real
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@www.real[2].txt
Risk: Medium
Name: TrackingCookie.Enigmasoftwaregroup
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@www2.enigmasoftwaregroup[1].txt
Risk: Medium
Name: TrackingCookie.Adserver
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@z1.adserver[1].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: G:\Tomlinson-Leis Laptop\Cookies\administrator@zedo[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@112.2o7[1].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@2o7[2].txt
Risk: Medium
Name: TrackingCookie.Abetterinternet
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@abetterinternet[1].txt
Risk: Medium
Name: TrackingCookie.Addynamix
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@ads.addynamix[1].txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@ads.pointroll[2].txt
Risk: Medium
Name: TrackingCookie.X10
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@ads.x10[1].txt
Risk: Medium
Name: TrackingCookie.Falkag
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@as-us.falkag[2].txt
Risk: Medium
Name: TrackingCookie.Bluestreak
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@bluestreak[2].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@.serving-sys[1].txt
Risk: Medium
Name: TrackingCookie.Burstnet
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@burstnet[1].txt
Risk: Medium
Name: TrackingCookie.Porngraph
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@c.porngraph[2].txt
Risk: Medium
Name: TrackingCookie.Casalemedia
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@casalemedia[2].txt
Risk: Medium
Name: TrackingCookie.Centrport
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@centrport[1].txt
Risk: Medium
Name: TrackingCookie.Bridgetrack
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@citi.bridgetrack[1].txt
Risk: Medium
Name: TrackingCookie.Cliks
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@cliks[1].txt
Risk: Medium
Name: TrackingCookie.Connextra
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@connextra[2].txt
Risk: Medium
Name: TrackingCookie.Sexcounter
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@cs.sexcounter[2].txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@cs.valuead[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@e-2dj6wjnyomajcep.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Ru4
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@edge.ru4[1].txt
Risk: Medium
Name: TrackingCookie.Fortunecity
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@fortunecity[2].txt
Risk: Medium
Name: TrackingCookie.Gator
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@gator[2].txt
Risk: Medium
Name: TrackingCookie.Hotlog
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@hotlog[1].txt
Risk: Medium
Name: TrackingCookie.Hypertracker
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@hypertracker[1].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@overture[1].txt
Risk: Medium
Name: TrackingCookie.Paypopup
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@paypopup[2].txt
Risk: Medium
Name: TrackingCookie.Overture
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@perf.overture[1].txt
Risk: Medium
Name: TrackingCookie.Pro-market
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@pro-market[2].txt
Risk: Medium
Name: TrackingCookie.Qksrv
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@qksrv[1].txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@questionmarket[1].txt
Risk: Medium
Name: TrackingCookie.Realmedia
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@realmedia[2].txt
Risk: Medium
Name: TrackingCookie.Revenue
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@revenue[2].txt
Risk: Medium
Name: TrackingCookie.Liveperson
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@server.iad.liveperson[2].txt
Risk: Medium
Name: TrackingCookie.Serving-sys
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@serving-sys[2].txt
Risk: Medium
Name: TrackingCookie.Spylog
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@spylog[2].txt
Risk: Medium
Name: TrackingCookie.Starware
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@starware[2].txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@statcounter[1].txt
Risk: Medium
Name: TrackingCookie.Reliablestats
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@stats1.reliablestats[2].txt
Risk: Medium
Name: TrackingCookie.Trafficmp
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@trafficmp[2].txt
Risk: Medium
Name: TrackingCookie.Tribalfusion
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@tribalfusion[1].txt
Risk: Medium
Name: TrackingCookie.Valuead
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@valuead[1].txt
Risk: Medium
Name: TrackingCookie.Realtracker
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@web4.realtracker[1].txt
Risk: Medium
Name: TrackingCookie.Adobe
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@www.adobe[1].txt
Risk: Medium
Name: TrackingCookie.Burstbeacon
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@www.burstbeacon[1].txt
Risk: Medium
Name: TrackingCookie.Paypopup
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@www4.paypopup[1].txt
Risk: Medium
Name: TrackingCookie.Paypopup
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@www6.paypopup[1].txt
Risk: Medium
Name: TrackingCookie.Paypopup
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@www7.paypopup[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlocidjeeog6dj6x9ny-1seq-2-2.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Adserver
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@z1.adserver[1].txt
Risk: Medium
Name: TrackingCookie.Zedo
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@zedo[2].txt
Risk: Medium
Name: TrackingCookie.2o7
Path: G:\Tomlinson-Leis Laptop\Cookies\brad@2o7[1].txt
Risk: Medium
Name: TrackingCookie.Pointroll
Path: G:\Tomlinson-Leis Laptop\Cookies\brad@ads.pointroll[2].txt
Risk: Medium
Name: TrackingCookie.Questionmarket
Path: G:\Tomlinson-Leis Laptop\Cookies\brad@questionmarket[1].txt
Risk: Medium
Name: TrackingCookie.Liveperson
Path: G:\Tomlinson-Leis Laptop\Cookies\brad@server.iad.liveperson[1].txt
Risk: Medium
Name: Adware.Background
Path: G:\STORAGE FILES\Program Files\Applications\virtualmo.exe/WIN32/DSSAGENT.EXE
Risk: Medium

8 Posts

December 5th, 2007 22:00

wow... that one found 150 infections... here's the log. Guess I hadn't checked my external hard drive (G:) in a while.
 
__________________________________________________
ewido anti-spyware online scanner
  http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Euroclick
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@adopt.euroclick[2].txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@anad.tacoda[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wfk4snczebo.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wgkyupcjmgo.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjk4ogcjskp.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjkyumazacp.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjkyuodpsgp.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjl4ogdjslo.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjl4wod5ilp.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjloomcjwco.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjlyqhazikp.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjmyegdjecp.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjnycic5mep.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@e-2dj6wjnyqncpklp.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@guide.real[2].txt
Risk: Medium
Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@image.masterstats[2].txt
Risk: Medium
Name: TrackingCookie.Info
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@info[2].txt
Risk: Medium
Name: TrackingCookie.Intelli-direct
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@intelli-direct[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@realguide.real[2].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@realsearch.real[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@real[1].txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@revsci[2].txt
Risk: Medium
Name: TrackingCookie.Skype
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@skype[1].txt
Risk: Medium
Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@ssl-hints.netflame[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@superpass.real[2].txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@tacoda[1].txt
Risk: Medium
Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@webstat[1].txt
Risk: Medium
Name: TrackingCookie.Adobe
Path: C:\Documents and Settings\bbasar\Cookies\bbasar@www.adobe[1].txt
Risk: Medium
Name: TrackingCookie.Co
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@ads.guardian.co[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@e-2dj6wflieid5kkq.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@e-2dj6wfliklcjohp.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@e-2dj6wjk4gldpkgp.stats.esomniture[1].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@e-2dj6wjmicmazoeq.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Esomniture
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@e-2dj6wjny-1iczol.stats.esomniture[2].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@guide.real[2].txt
Risk: Medium
Name: TrackingCookie.Idot
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@idot[1].txt
Risk: Medium
Name: TrackingCookie.Masterstats
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@image.masterstats[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@realguide.real[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@real[2].txt
Risk: Medium
Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@revsci[1].txt
Risk: Medium
Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@tacoda[2].txt
Risk: Medium
Name: TrackingCookie.Web-stat
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@webstat[1].txt
Risk: Medium
Name: TrackingCookie.Real
Path: C:\Documents and Settings\bbasar\Cookies\brad basar@www.real[1].txt
Risk: Medium
Name: Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a
Path: [512] C:\WINDOWS\system32\LMIinit.dll
Risk: Low
Name: TrackingCookie.Doubleclick
Path: :mozilla.10:C:\Documents and Settings\bbasar\Application Data\SecondLife\browser_profile\cookies.txt
Risk: Medium
Name: Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a
Path: C:\Program Files\LogMeIn\LMIinit.dll
Risk: Low
Name: Downloader.Zlob.ejm
Path: C:\qoobox\Quarantine\C\Program Files\ktobcvcv\krkzqtox.dll.vir
Risk: High
Name: Not-A-Virus.Downloader.Win32.UltimateFix.d
Path: C:\qoobox\Quarantine\C\WINDOWS\system32\tnrtmwuk\tnrtmwuk3.exe.vir
Risk: Low
Name: Not-A-Virus.Downloader.Win32.UltimateFix.d
Path: C:\System Volume Information\_restore{AA0677C8-4BF2-4D88-99E3-5586D22BD2B2}\RP16\A0011384.exe
Risk: Low
Name: Downloader.Zlob.ejm
Path: C:\System Volume Information\_restore{AA0677C8-4BF2-4D88-99E3-5586D22BD2B2}\RP17\A0011584.dll
Risk: High
Name: Not-A-Virus.Downloader.Win32.SpyGame
Path: C:\WINDOWS\Downloaded Program Files\gsda.dll
Risk: Low
Name: Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a
Path: C:\WINDOWS\system32\LMIinit.dll
Risk: Low
 
 

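Most of the 150 hits in the ewido results above are tracking cookies, and several of the rest are copies that cannot run: the .vir files under C:\qoobox\Quarantine are what ComboFix already moved aside, and the files under System Volume Information\_restore{...} sit in System Restore points. The LMIinit.dll hits are LogMeIn's component (the ComboFix log lists it under Winlogon\Notify), tagged by policy as a remote-admin tool rather than as an infection. The script below parses ewido-style Name/Path/Risk records and buckets them by where the file lives, so only real files that still need removal come out as actionable. It is an added example, not ewido's, ComboFix's or either poster's code; the records are excerpted from the results above, and the bucket names, the assumption that C: is the system drive, and the small table of known remote-admin components are this example's own.

```python
"""Bucket ewido-style "Name / Path / Risk" scan results by where the file lives.

Added example for this thread; it is not ewido's, ComboFix's or the posters'
code. The records below are excerpted from the scan results posted above; the
bucket names, the assumption that C: is the system drive, and the table of
known remote-admin components are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Excerpted from the ewido results posted in this thread.
SAMPLE_RESULTS = r"""
Name: TrackingCookie.Zedo
Path: G:\Tomlinson-Leis Laptop\Cookies\bbasar@zedo[2].txt
Risk: Medium
Name: Adware.Background
Path: G:\STORAGE FILES\Program Files\Applications\virtualmo.exe/WIN32/DSSAGENT.EXE
Risk: Medium
Name: TrackingCookie.Doubleclick
Path: :mozilla.10:C:\Documents and Settings\bbasar\Application Data\SecondLife\browser_profile\cookies.txt
Risk: Medium
Name: Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a
Path: C:\WINDOWS\system32\LMIinit.dll
Risk: Low
Name: Downloader.Zlob.ejm
Path: C:\qoobox\Quarantine\C\Program Files\ktobcvcv\krkzqtox.dll.vir
Risk: High
Name: Downloader.Zlob.ejm
Path: C:\System Volume Information\_restore{AA0677C8-4BF2-4D88-99E3-5586D22BD2B2}\RP17\A0011584.dll
Risk: High
Name: Not-A-Virus.Downloader.Win32.SpyGame
Path: C:\WINDOWS\Downloaded Program Files\gsda.dll
Risk: Low
"""

# Components of installed remote-administration products that AV engines tag
# as "RemoteAdmin"/"Not-A-Virus". LMIinit.dll is LogMeIn's (see the ComboFix
# Winlogon\Notify entry above); the table itself is this example's assumption.
KNOWN_ADMIN_TOOLS = {"lmiinit.dll": "LogMeIn"}

RISK_ORDER = {"high": 0, "medium": 1, "low": 2}
ACTIONABLE = {"live", "other_volume"}      # real files that still need removal


@dataclass(frozen=True)
class Detection:
    name: str
    path: str
    risk: str


def parse_results(text: str) -> List[Detection]:
    """Collect Name/Path/Risk triplets; a 'Risk:' line closes a record."""
    records, current = [], {}
    for raw in text.splitlines():
        m = re.match(r"^(Name|Path|Risk):\s*(.*)$", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        current[key] = value
        if key == "risk":
            records.append(Detection(current.get("name", ""), current.get("path", ""), value))
            current = {}
    return records


def bucket(d: Detection) -> str:
    """Where the detected object lives decides whether anything still has to be done."""
    p = d.path.lower()
    if d.name.startswith("TrackingCookie."):
        return "cookie"             # browser tracking cookie: privacy noise, not code
    if p.rsplit("\\", 1)[-1] in KNOWN_ADMIN_TOOLS:
        return "admin_tool"         # installed remote-admin product; confirm it is intended
    if "\\qoobox\\quarantine\\" in p:
        return "quarantined"        # already moved aside by ComboFix (.vir copy)
    if "\\system volume information\\_restore" in p:
        return "restore_point"      # inert unless a System Restore brings it back
    m = re.match(r"^([a-z]):\\", p)
    if m and m.group(1) != "c":     # assumption: C: is the system drive
        return "other_volume"       # attached/external drive: a real file, not inert
    return "live"


def summarize(records: List[Detection]) -> Dict[str, int]:
    """Count of detections per bucket."""
    return dict(Counter(bucket(d) for d in records))


def actionable(records: List[Detection]) -> List[Detection]:
    """Detections that are real files still present, highest risk first."""
    hits = [d for d in records if bucket(d) in ACTIONABLE]
    return sorted(hits, key=lambda d: RISK_ORDER.get(d.risk.lower(), 3))


if __name__ == "__main__":
    recs = parse_results(SAMPLE_RESULTS)
    print(summarize(recs))
    for d in actionable(recs):
        print(f"{d.risk:7} {d.name}: {d.path}")
```

A non-empty restore_point bucket is the one inert category that still calls for a step: the copies stay dormant until someone runs System Restore, so the usual practice after a cleanup is to flush the restore points (disable and re-enable System Restore) and create a fresh one.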
10.4K Posts

December 5th, 2007 22:00

bbasar

Good job. Post a fresh HijackThis log.

And in your reply, give me an update on how your PC is running now.
8 Posts

December 8th, 2007 23:00

Hi Bamajim,
 
Sorry for the delay... here is the new HijackThis log. As far as the computer... I no longer get the web search redirect, however some of my programs seem to run a little slower lately... not sure if that has anything to do with this or not... other than that all is good. Very happy to have the redirect fixed... that was becoming very frustrating. Thanks.
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:43:08 PM, on 12/08/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\bbasar\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/USSC0003?from=recentsearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.toyota.com/vehicles/2005/avalon/key_features/ext360.html?noreloadredir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://70.148.218.162/cab/OCXChecker_6110.cab
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - http://tomleis.info/voyager/activexviewer9.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://192.168.0.5/ConnectComputer/nshelp.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - https://tomleis.info/Remote/msrdp.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://70.148.218.162/cab/DownloadFile_6110.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BasarGroup.local
O17 - HKLM\Software\..\Telephony: DomainName = BasarGroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BasarGroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BasarGroup.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 9900 bytes
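A small triage helper for reports in the format posted above, added here as an illustration and not part of this thread or of HijackThis itself: it parses the R/O entries and flags the kinds of lines a reviewer checks by hand first (orphaned entries whose target file is gone, ActiveX downloads fetched from a bare IP address, autorun commands without a full path). The sample lines are constructed from the kinds of entries in the log above, and the function names are my own; flagged items are things to verify, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines in HijackThis report format, modelled on the
# entries in the log above (not the full log).
SAMPLE_LOG = r"""R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://70.148.218.162/cab/OCXChecker_6110.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# Entry lines look like "O2 - BHO: ..."; the header and process list do not.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_hjt(text):
    """Return the report's (section, body) entries, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def triage(entries):
    """Return (section, reason, body) for entries worth checking by hand first."""
    findings = []
    for section, body in entries:
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            # Target is gone from disk: leftover registry data, not an active component.
            findings.append((section, "orphaned entry: target no longer on disk", body))
        elif section == "O16":
            # Downloaded ActiveX control: the last " - " field is the source URL.
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if IPV4_RE.match(host):
                findings.append((section, "ActiveX download from bare IP host", body))
        elif section == "O4":
            # Autorun value: text after "] " is the command; a bare name resolves via PATH.
            target = body.split("] ", 1)[-1].strip().strip('"')
            if "\\" not in target:
                findings.append((section, "autorun command without full path", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:<4} {reason}: {body}")
```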

10.4K Posts

December 10th, 2007 12:00


bbasar

Running slow can be caused by several things, most of them not infection related. Let's do this.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.


  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

Then reboot your PC, and let me know how that works.
