system alert pop up in system tray

Computing.Net > Forums > Security and Virus > system alert pop up in system tray

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

system alert pop up in system tray

Name: shailu_2378
Date: November 10, 2007 at 12:29:01 Pacific
OS: win xp media 2005
CPU/Ram: 160gb
Product: w3503 emachines

Comment:

hi thr i have a problem since yesterday i have system alert popping up in sys tray to download some software i have run antivirus and aol spyware but no use i really wanna get out of it plzzzzzz help

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: November 10, 2007 at 12:41:38 Pacific

Reply:

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Please download and install the latest version of HijackThis v2.0.2:
Download the HijackThis Installer from this link: HijackThis
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

-1

Response Number 2

Name: shailu_2378
Date: November 10, 2007 at 12:46:27 Pacific

Reply:

hi this is the lof file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:53 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispa...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.as...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_c...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.as...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_c...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlay...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/n...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O22 - SharedTaskScheduler: bothrops - {1977ce08-a38f-43db-a856-f4aa6122131b} - C:\WINDOWS\system32\xovdzz.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 10073 bytes

Response Number 3

Name: shailu_2378
Date: November 10, 2007 at 12:50:46 Pacific

Reply:

and yes when i triwed clickin on the first link "smitfraud" something it showed me some "prcviewer" and was removed automatically saying potentially unwanted program i dunno why but it was removed

Response Number 4

Name: jabuck
Date: November 10, 2007 at 13:14:40 Pacific

Reply:

I believe the McAfee realtime scanner is interfering with the fix.
Click The McAfee "M" in the systray, scroll down to "McAfee Real-time Scanner" and disable it. Leave it disabled untill we get your computer clean.
Then run Smitfruadfix again, remember Only option #1.
If Smitfruadfix will not run uninstall it and download it again then run it.

Response Number 5

Name: shailu_2378
Date: November 10, 2007 at 13:37:15 Pacific

Reply:

hi i dnt see anywhere realtime scanner plz plz give info in detail thnx in advance

activex pop up in outlook Microsoft LifeCam VX-700 security alert pop up	window pop ups on system tray system interrupt controller DATE AND TIME don't pop up in system tray
See More

Response Number 6

Name: shailu_2378
Date: November 10, 2007 at 13:48:25 Pacific

Reply:

well i tried a lot but to no avail i could open tht smitfruad folder any other way

Response Number 7

Name: shailu_2378
Date: November 10, 2007 at 13:52:14 Pacific

Reply:

the software tht is popping up is "antivirgear"

Response Number 8

Name: shailu_2378
Date: November 10, 2007 at 14:22:35 Pacific

Reply:

ComboFix 07-11-08.1 - Owner 2007-11-10 17:12:05.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KT4QECRT\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 17:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-10 14:07 <DIR> d-------- C:\WINDOWS\pss
2007-11-10 01:07 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-28 18:11 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-28 16:55 <DIR> d-------- C:\Program Files\Aimersoft
2007-10-24 10:21 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-10-24 10:21 <DIR> d-------- C:\Program Files\Winamp Remote
2007-10-24 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-10-24 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-10-24 10:20 <DIR> d-------- C:\Program Files\Winamp
2007-10-24 10:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2007-10-21 09:45 <DIR> d-------- C:\Program Files\XviD
2007-10-21 09:44 <DIR> d-------- C:\Program Files\Gabest
2007-10-21 09:44 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-20 20:08 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2007-10-19 20:49 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-10-19 20:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-19 20:35 <DIR> d-------- C:\Program Files\Real
2007-10-19 20:31 338,944 --a------ C:\WINDOWS\rp11_Activator.exe
2007-10-18 10:15 <DIR> d-------- C:\Downloads
2007-10-17 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
2007-10-17 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-10-13 17:26 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-10-13 17:25 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-10-12 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-10-12 14:24 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2007-10-12 14:24 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2007-10-12 14:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-10-11 19:43 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-10-11 19:43 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-10-11 19:43 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2007-10-11 19:43 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2007-10-10 21:50 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2007-10-10 20:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 20:18 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-11-10 14:10 --------- d-----w C:\Program Files\McAfee
2007-11-01 02:19 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-20 01:45 --------- d-----w C:\Program Files\Common Files\Real
2007-10-20 01:35 --------- d-----w C:\Program Files\Google
2007-10-20 01:04 --------- d-----w C:\Program Files\Viewpoint
2007-10-20 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-18 15:20 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 04:09 --------- d-----w C:\Program Files\Common Files\NSV
2007-10-13 22:25 --------- d-----w C:\Program Files\Realtek
2007-10-12 13:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-11 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Slide
2007-10-10 16:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\CyberLink
2007-10-09 20:22 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-09 18:31 --------- d-----w C:\Program Files\Zune
2007-10-09 18:31 --------- d-----w C:\Program Files\DIFX
2007-10-09 18:30 --------- d-----w C:\Program Files\Common Files\ComponentOne
2007-10-07 22:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\eFax Messenger
2007-10-07 18:15 --------- d-----w C:\Program Files\America Online 9.0
2007-10-05 04:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-10-05 04:00 --------- d-----w C:\Program Files\iTunes
2007-10-05 03:59 --------- d-----w C:\Program Files\iPod
2007-10-05 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-05 03:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-05 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-29 20:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-09-27 01:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\ppStream
2007-09-27 01:30 --------- d-----w C:\Program Files\MSN Messenger
2007-09-25 14:34 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-09-23 04:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-22 03:13 --------- d-----w C:\Program Files\Common Files\logishrd
2007-09-22 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-13 03:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2007-09-13 03:54 --------- d-----w C:\Program Files\DivX
2007-09-10 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-09-10 18:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 15:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}]
2007-11-10 14:29 12800 --a------ C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-19 20:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1977ce08-a38f-43db-a856-f4aa6122131b}"= C:\WINDOWS\system32\xovdzz.dll [2007-11-04 09:13 12800]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RTHDCPL"=RTHDCPL.EXE
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{26AC2EC6-37B3-F6AA-28B0-9BE785507068}]
C:\WINDOWS:svhosts.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 22:18:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-15 05:43:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-01 05:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 17:15:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-10 17:17:31
.
--- E O F ---
well i tried this i have no idea wht it is?

Response Number 9

Name: jabuck
Date: November 10, 2007 at 14:36:44 Pacific

Reply:

Lets try a different method.
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
C:\Program Files\Video Add-on\isfmdl.dll
C:\WINDOWS\system32\xovdzz.dll
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
Folder::
C:\Program Files\Video Add-on
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1977ce08-a38f-43db-a856-f4aa6122131b}"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Post a new Hijack This log and a new Combofix log please.

Response Number 10

Name: shailu_2378
Date: November 10, 2007 at 15:06:04 Pacific

Reply:

ComboFix 07-11-08.1 - Owner 2007-11-10 17:53:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.84 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfun.exe
C:\Program Files\Video Add-on\uninst.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-10 17:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-10 14:07 <DIR> d-------- C:\WINDOWS\pss
2007-10-28 18:11 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-28 16:55 <DIR> d-------- C:\Program Files\Aimersoft
2007-10-24 10:21 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-10-24 10:21 <DIR> d-------- C:\Program Files\Winamp Remote
2007-10-24 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-10-24 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-10-24 10:20 <DIR> d-------- C:\Program Files\Winamp
2007-10-24 10:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2007-10-21 09:45 <DIR> d-------- C:\Program Files\XviD
2007-10-21 09:44 <DIR> d-------- C:\Program Files\Gabest
2007-10-21 09:44 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-20 20:08 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2007-10-19 20:49 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-10-19 20:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-19 20:35 <DIR> d-------- C:\Program Files\Real
2007-10-19 20:31 338,944 --a------ C:\WINDOWS\rp11_Activator.exe
2007-10-18 10:15 <DIR> d-------- C:\Downloads
2007-10-17 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
2007-10-17 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-10-13 17:26 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-10-13 17:25 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-10-12 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-10-12 14:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-10-11 19:43 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-10-11 19:43 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-10-11 19:43 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2007-10-11 19:43 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2007-10-10 21:50 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2007-10-10 20:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-10 20:18 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-11-10 14:10 --------- d-----w C:\Program Files\McAfee
2007-11-01 02:19 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-20 01:45 --------- d-----w C:\Program Files\Common Files\Real
2007-10-20 01:35 --------- d-----w C:\Program Files\Google
2007-10-20 01:04 --------- d-----w C:\Program Files\Viewpoint
2007-10-20 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-18 15:20 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 04:09 --------- d-----w C:\Program Files\Common Files\NSV
2007-10-13 22:25 --------- d-----w C:\Program Files\Realtek
2007-10-12 13:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-11 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Slide
2007-10-10 16:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\CyberLink
2007-10-09 20:22 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-09 18:31 --------- d-----w C:\Program Files\Zune
2007-10-09 18:31 --------- d-----w C:\Program Files\DIFX
2007-10-09 18:30 --------- d-----w C:\Program Files\Common Files\ComponentOne
2007-10-07 22:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\eFax Messenger
2007-10-07 18:15 --------- d-----w C:\Program Files\America Online 9.0
2007-10-05 04:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-10-05 04:00 --------- d-----w C:\Program Files\iTunes
2007-10-05 03:59 --------- d-----w C:\Program Files\iPod
2007-10-05 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-05 03:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-05 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-29 20:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-09-27 01:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\ppStream
2007-09-27 01:30 --------- d-----w C:\Program Files\MSN Messenger
2007-09-25 14:34 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-09-23 04:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-22 03:13 --------- d-----w C:\Program Files\Common Files\logishrd
2007-09-22 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-13 03:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2007-09-13 03:54 --------- d-----w C:\Program Files\DivX
2007-09-10 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-09-10 18:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 15:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-19 20:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RTHDCPL"=RTHDCPL.EXE
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{26AC2EC6-37B3-F6AA-28B0-9BE785507068}]
C:\WINDOWS:svhosts.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 22:18:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-15 05:43:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-01 05:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 17:59:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-10 18:01:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-10 17:17
.
--- E O F ---
this is the new combofix log

Response Number 11

Name: shailu_2378
Date: November 10, 2007 at 15:10:41 Pacific

Reply:

hi well i dnt6 see tht icon anymore doea tht mean its removed or something well plz assist thnk u

Response Number 12

Name: jabuck
Date: November 10, 2007 at 15:44:26 Pacific

Reply:

One more baddie.
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\svhosts.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{26AC2EC6-37B3-F6AA-28B0-9BE785507068}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Post a new Hijack This log and a new Combofix log please.

Response Number 13

Name: shailu_2378
Date: November 10, 2007 at 18:33:31 Pacific

Reply:

ComboFix 07-11-08.1 - Owner 2007-11-10 21:27:53.5 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\svhosts.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-10 17:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-10 14:07 <DIR> d-------- C:\WINDOWS\pss
2007-10-28 18:11 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-28 16:55 <DIR> d-------- C:\Program Files\Aimersoft
2007-10-24 10:21 <DIR> d-------- C:\Program Files\Winamp Toolbar
2007-10-24 10:21 <DIR> d-------- C:\Program Files\Winamp Remote
2007-10-24 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-10-24 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-10-24 10:20 <DIR> d-------- C:\Program Files\Winamp
2007-10-24 10:20 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2007-10-21 09:45 <DIR> d-------- C:\Program Files\XviD
2007-10-21 09:44 <DIR> d-------- C:\Program Files\Gabest
2007-10-21 09:44 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-20 20:08 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2007-10-19 20:49 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-10-19 20:45 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-19 20:35 <DIR> d-------- C:\Program Files\Real
2007-10-19 20:31 338,944 --a------ C:\WINDOWS\rp11_Activator.exe
2007-10-18 10:15 <DIR> d-------- C:\Downloads
2007-10-17 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
2007-10-17 17:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-10-13 17:26 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-10-13 17:25 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-10-12 16:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-10-12 14:24 <DIR> d-------- C:\Documents and Settings\Owner\Shared
2007-10-12 14:24 <DIR> d-------- C:\Documents and Settings\Owner\Incomplete
2007-10-12 14:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-10-11 19:43 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-10-11 19:43 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-10-11 19:43 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2007-10-11 19:43 4,672 --a------ C:\WINDOWS\system\wowpost.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 19:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-11-10 14:10 --------- d-----w C:\Program Files\McAfee
2007-11-04 14:13 12,800 --s-a-w C:\WINDOWS\system32\xovdzz.dll
2007-11-01 02:19 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-20 01:45 --------- d-----w C:\Program Files\Common Files\Real
2007-10-20 01:35 --------- d-----w C:\Program Files\Google
2007-10-20 01:04 --------- d-----w C:\Program Files\Viewpoint
2007-10-20 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-18 15:20 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 04:09 --------- d-----w C:\Program Files\Common Files\NSV
2007-10-13 22:25 --------- d-----w C:\Program Files\Realtek
2007-10-12 13:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-11 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Slide
2007-10-11 01:19 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-10-11 01:17 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-10 16:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\CyberLink
2007-10-09 20:22 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-09 18:31 --------- d-----w C:\Program Files\Zune
2007-10-09 18:31 --------- d-----w C:\Program Files\DIFX
2007-10-09 18:30 --------- d-----w C:\Program Files\Common Files\ComponentOne
2007-10-07 22:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\eFax Messenger
2007-10-07 18:15 --------- d-----w C:\Program Files\America Online 9.0
2007-10-05 04:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-10-05 04:00 --------- d-----w C:\Program Files\iTunes
2007-10-05 03:59 --------- d-----w C:\Program Files\iPod
2007-10-05 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-05 03:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-05 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-29 20:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2007-09-27 01:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\ppStream
2007-09-27 01:30 --------- d-----w C:\Program Files\MSN Messenger
2007-09-25 14:34 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-09-23 04:31 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-22 03:13 --------- d-----w C:\Program Files\Common Files\logishrd
2007-09-22 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-13 03:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Talkback
2007-09-13 03:54 --------- d-----w C:\Program Files\DivX
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 15:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 15:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-19 20:44]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RTHDCPL"=RTHDCPL.EXE
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 22:18:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-08-15 05:43:27 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-11-01 05:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 21:30:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-10 21:31:42
C:\ComboFix2.txt ... 2007-11-10 21:24
C:\ComboFix3.txt ... 2007-11-10 18:01
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.as...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_c...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlay...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/n...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 9245 bytes

Response Number 14

Name: jabuck
Date: November 10, 2007 at 19:28:29 Pacific

Reply:

Looks a lot better, a few more things to do.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Exit Hijack This.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Navigate to and delete this file if found:
c:\windows\system32\BAE.dll
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Response Number 15

Name: shailu_2378
Date: November 11, 2007 at 16:08:29 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:06 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.as...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_c...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKCU\..\Run: [BigFix Client Application] C:\Program Files\BigFix\bigfix.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlay...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 6308 bytes

Response Number 16

Name: jabuck
Date: November 11, 2007 at 16:52:19 Pacific

Reply:

Your Hijack This log is clean. How is the computer operating?

Response Number 17

Name: shailu_2378
Date: November 11, 2007 at 17:16:13 Pacific

Reply:

the computer is wrkin better then b4
well thank u so much i appreciate u for puting ur precious time and helping out solving the problem very grateful...

Response Number 18

Name: jabuck
Date: November 12, 2007 at 14:19:50 Pacific

Reply:

Glad we could help.

Sponsored Link

Ads by Google

Error Msgs & Random t...

Stop all traffic w/Vista ...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: system alert pop up in system tray

system alert pop up - help

Summary

www.computing.net/answers/security/system-alert-pop-up-help-/20103.html

system alert pop up

Summary

www.computing.net/answers/security/system-alert-pop-up/20478.html

system alert pop up

Summary

www.computing.net/answers/security/system-alert-pop-up/20542.html

From the Geek Dictionary
cock - In cockney dialect is a term of endearment, often used to an old and dear f...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
administrator login gone

Finding RAM for my old computer

making my tv the same screen as my monitor

screen saver

Getting off Windows XP Pro safe mode

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE