CastleCops, Internet Crime Fighters

[IN PROGRESS] Computer is infected please help with Hijackthis log
cyberbear2
Trooper
Joined: Jun 23, 2008
Posts: 14
Location: USA

Posted: Tue Jun 24, 2008 12:22 am    Post subject: Computer is infected please help with Hijackthis log
A friend gave me his computer to take a look at and I believe it's infected. I have run several scans and removed some files but it is still running very slow and the Internet Explorer browser is trying to add advertising sites to the trusted zones (shdoclc.dll). Please help.

I have run scans with the following programs.
AVG
Ad-Aware
Spybot
Malware bytes
Combofix
Trojan Hunter
Super Anti-Spyware

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 19:57:32, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Malwarebytes log
Malwarebytes' Anti-Malware 1.18
Database version: 873

5:29:52 PM 6/23/2008
mbam-log-6-23-2008 (17-29-52).txt

Scan type: Quick Scan
Objects scanned: 42199
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combofix Log

Paul Par‚ - 08-06-23 17:30:32.57 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Paul Par‚\Desktop\SWI"

((((((((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))


2008-06-23 14:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-22 20:45 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\TrojanHunter
2008-06-22 20:43 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-06-20 20:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 20:59 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\SUPERAntiSpyware.com
2008-06-20 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-20 17:56 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\Malwarebytes
2008-06-20 17:55 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-06-20 17:55 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-06-20 17:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 20:16 1,722 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-18 19:48 <DIR> d-------- C:\VundoFix Backups
2008-06-18 16:52 <DIR> d-------- C:\Program Files\Softwin
2008-06-18 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-18 16:51 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-06-18 16:39 <DIR> d-------- C:\WINDOWS\Prefetch
2008-06-18 14:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-18 14:16 <DIR> d-------- C:\SDFix
2008-06-17 18:13 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-06-17 18:13 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-06-17 18:13 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-06-17 18:13 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-06-17 18:13 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-06-17 18:12 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-06-17 18:11 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-17 18:11 <DIR> d-------- C:\Program Files\McAfee
2008-06-17 18:11 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-17 17:38 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\Mozilla
2008-06-17 17:32 110,336 --a------ C:\WINDOWS\SYSTEM32\jkjhsphk.dll
2008-06-17 17:12 <DIR> d-------- C:\Documents and Settings\Paul Par‚\.housecall6.6
2008-06-17 16:27 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 15:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 15:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 15:04 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\Lavasoft
2008-06-17 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-17 13:40 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-06-17 13:39 <DIR> d-------- C:\Program Files\Grisoft
2008-06-17 10:19 <DIR> d-------- C:\Program Files\hijackthis
2008-06-16 16:36 182,880 --a------ C:\WINDOWS\SYSTEM32\iuenginenew.dll
2008-06-16 16:06 <DIR> d-------- C:\Documents and Settings\Paul Par‚\Application Data\McAfee
2008-06-15 18:17 81,920 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2008-06-15 18:17 81,920 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2008-06-15 18:17 73,728 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2008-06-15 18:17 73,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
2008-06-15 18:17 69,632 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2008-06-15 18:17 678,400 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2008-06-15 18:17 67,584 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2008-06-15 18:17 65,536 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2008-06-15 18:17 48,128 --a------ C:\WINDOWS\SYSTEM32\inetres.dll
2008-06-15 18:17 45,568 --a------ C:\WINDOWS\SYSTEM32\safrslv.dll
2008-06-15 18:17 43,520 --a------ C:\WINDOWS\SYSTEM32\safrcdlg.dll
2008-06-15 18:17 43,520 --a------ C:\WINDOWS\SYSTEM32\racpldlg.dll
2008-06-15 18:17 382,464 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2008-06-15 18:17 34,560 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2008-06-15 18:17 32,768 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2008-06-15 18:17 32,768 --a------ C:\WINDOWS\SYSTEM32\isrdbg32.dll
2008-06-15 18:17 29,696 --a------ C:\WINDOWS\SYSTEM32\safrdm.dll
2008-06-15 18:17 28,672 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2008-06-15 18:17 274,944 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2008-06-15 18:17 274,432 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2008-06-15 18:17 252,928 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2008-06-15 18:17 239,104 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2008-06-15 18:17 190,976 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2008-06-15 18:17 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-06-15 18:17 170,496 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2008-06-15 18:17 12,288 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2008-06-15 18:17 105,984 --a------ C:\WINDOWS\SYSTEM32\msoert2.dll
2008-06-15 18:15 949,248 --a------ C:\WINDOWS\SYSTEM32\msdtctm.dll
2008-06-15 18:15 93,696 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2008-06-15 18:15 90,112 --a------ C:\WINDOWS\SYSTEM32\mtxoci.dll
2008-06-15 18:15 87,176 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2008-06-15 18:15 85,504 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2008-06-15 18:15 82,432 --a------ C:\WINDOWS\SYSTEM32\comrepl.dll
2008-06-15 18:15 8,704 --a------ C:\WINDOWS\SYSTEM32\fxsperf.dll
2008-06-15 18:15 72,192 --a------ C:\WINDOWS\SYSTEM32\fxscom.dll
2008-06-15 18:15 67,072 --a------ C:\WINDOWS\SYSTEM32\rdshost.exe
2008-06-15 18:15 655,360 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2008-06-15 18:15 628,224 --a------ C:\WINDOWS\SYSTEM32\catsrvut.dll
2008-06-15 18:15 62,464 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2008-06-15 18:15 62,464 --a------ C:\WINDOWS\SYSTEM32\colbact.dll
2008-06-15 18:15 60,416 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2008-06-15 18:15 6,656 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2008-06-15 18:15 6,656 --a------ C:\WINDOWS\SYSTEM32\fxsres.dll
2008-06-15 18:15 6,144 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2008-06-15 18:15 58,880 --a------ C:\WINDOWS\SYSTEM32\msdtclog.dll
2008-06-15 18:15 58,880 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2008-06-15 18:15 562,176 --a------ C:\WINDOWS\SYSTEM32\fxsst.dll
2008-06-15 18:15 56,320 --a------ C:\WINDOWS\SYSTEM32\servdeps.dll
2008-06-15 18:15 55,296 --a------ C:\WINDOWS\SYSTEM32\fxsevent.dll
2008-06-15 18:15 540,160 --a------ C:\WINDOWS\SYSTEM32\comuid.dll
2008-06-15 18:15 538,624 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2008-06-15 18:15 53,080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-06-15 18:15 501,248 --a------ C:\WINDOWS\SYSTEM32\clbcatq.dll
2008-06-15 18:15 452,096 --a------ C:\WINDOWS\SYSTEM32\fxsapi.dll
2008-06-15 18:15 44,544 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2008-06-15 18:15 425,472 --a------ C:\WINDOWS\SYSTEM32\msdtcprx.dll
2008-06-15 18:15 407,552 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2008-06-15 18:15 400,384 --a------ C:\WINDOWS\SYSTEM32\fxsxp32.dll
2008-06-15 18:15 397,312 --a------ C:\WINDOWS\SYSTEM32\fxstiff.dll
2008-06-15 18:15 38,912 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2008-06-15 18:15 345,088 --a------ C:\WINDOWS\SYSTEM32\hypertrm.dll
2008-06-15 18:15 343,040 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2008-06-15 18:15 295,424 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2008-06-15 18:15 285,184 --a------ C:\WINDOWS\SYSTEM32\fxscomex.dll
2008-06-15 18:15 27,136 --a------ C:\WINDOWS\SYSTEM32\fxsdrv.dll
2008-06-15 18:15 267,776 --a------ C:\WINDOWS\SYSTEM32\fxssvc.exe
2008-06-15 18:15 246,272 --a------ C:\WINDOWS\SYSTEM32\fxst30.dll
2008-06-15 18:15 23,552 --a------ C:\WINDOWS\SYSTEM32\fxsmon.dll
2008-06-15 18:15 23,552 --a------ C:\WINDOWS\SYSTEM32\fxsext32.dll
2008-06-15 18:15 229,888 --a------ C:\WINDOWS\SYSTEM32\catsrv.dll
2008-06-15 18:15 229,376 --a------ C:\WINDOWS\SYSTEM32\fxscover.exe
2008-06-15 18:15 21,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys
2008-06-15 18:15 20,480 --a------ C:\WINDOWS\SYSTEM32\qprocess.exe
2008-06-15 18:15 196,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2008-06-15 18:15 192,512 --a------ C:\WINDOWS\SYSTEM32\fxswzrd.dll
2008-06-15 18:15 19,968 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2008-06-15 18:15 185,344 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2008-06-15 18:15 183,808 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2008-06-15 18:15 17,408 --a------ C:\WINDOWS\SYSTEM32\mmfutil.dll
2008-06-15 18:15 161,280 --a------ C:\WINDOWS\SYSTEM32\msdtcuiu.dll
2008-06-15 18:15 154,112 --a------ C:\WINDOWS\SYSTEM32\fxsui.dll
2008-06-15 18:15 147,968 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2008-06-15 18:15 143,360 --a------ C:\WINDOWS\SYSTEM32\fxsclnt.exe
2008-06-15 18:15 140,800 --a------ C:\WINDOWS\SYSTEM32\sessmgr.exe
2008-06-15 18:15 139,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys
2008-06-15 18:15 131,584 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
2008-06-15 18:15 13,824 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2008-06-15 18:15 123,392 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2008-06-15 18:15 12,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys
2008-06-15 18:15 110,080 --a------ C:\WINDOWS\SYSTEM32\clbcatex.dll
2008-06-15 18:15 11,776 --a------ C:\WINDOWS\SYSTEM32\xolehlp.dll
2008-06-15 18:15 11,264 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2008-06-15 18:15 102,912 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2008-06-15 18:15 1,712,984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-06-15 18:15 1,251,840 --a------ C:\WINDOWS\SYSTEM32\comsvcs.dll
2008-06-15 18:12 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-06-15 18:12 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-06-15 18:09 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-06-15 18:08 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-06-15 18:06 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2008-06-15 18:06 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2008-06-15 18:06 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2008-06-15 18:06 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2008-06-15 13:51 <DIR> d-------- C:\WINDOWS\msapps
2008-06-15 13:51 <DIR> d-------- C:\WINDOWS\java
2008-06-01 11:07 <DIR> d-------- C:\WINDOWS\pss
2008-05-31 16:36 240,619 --ahs---- C:\WINDOWS\SYSTEM32\UCfhkkkj.ini2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-06-23 14:37 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-20 16:26 -------- d-------- C:\Program Files\Google
2008-06-18 16:51 -------- d-------- C:\Program Files\Common Files
2008-06-18 16:38 -------- d-------- C:\Program Files\Internet Explorer
2008-06-18 16:21 -------- d-------- C:\Program Files\Windows Media Player
2008-06-18 16:14 -------- d-------- C:\Program Files\NetMeeting
2008-06-18 16:14 -------- d-------- C:\Program Files\Movie Maker
2008-06-18 16:13 -------- d-------- C:\Program Files\Windows NT
2008-06-18 16:13 -------- d-------- C:\Program Files\Outlook Express
2008-06-18 16:13 -------- d-------- C:\Program Files\Common Files\System
2008-06-17 17:37 -------- d-------- C:\Program Files\Mozilla Firefox
2008-06-16 17:01 -------- d--h----- C:\Program Files\WindowsUpdate
2008-06-15 18:41 -------- d---s---- C:\Documents and Settings\Paul Par‚\Application Data\Microsoft
2008-05-31 16:33 -------- d-------- C:\Documents and Settings\Paul Par‚\Application Data\WeatherBug
2008-05-16 16:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 11:58 12632 --a------ C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-08 08:28 202752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
2008-05-04 10:25 -------- d-------- C:\Documents and Settings\Paul Par‚\Application Data\Adobe
2008-04-30 16:54 -------- d-------- C:\Program Files\Apple Software Update
2008-04-29 11:20 15648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2008-04-29 11:19 15648 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Awrtrd.sys
2008-04-29 11:19 12960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Awrtpd.sys
2008-03-27 05:24 60416 --a------ C:\WINDOWS\SYSTEM32\tzchange.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"THGuard"="\"C:\\Program Files\\TrojanHunter 5.0\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 8.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Billminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Billminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\BILLMIND.EXE -startup"
"item"="Billminder"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\QUICKENW\\QWDLLS.EXE "
"item"="Quicken Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Paul Paré^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk]
"path"="C:\\Documents and Settings\\Paul Paré\\Start Menu\\Programs\\Startup\\TextBridge Instant Access OCR.lnk"
"backup"="C:\\WINDOWS\\pss\\TextBridge Instant Access OCR.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\TEXTBR~1\\Bin\\TBMenu.exe /h"
"item"="TextBridge Instant Access OCR"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2839a195]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qmydewfx"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\System32\\qmydewfx.dll\",b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b0a9209]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="btjxyxon"
"hkey"="HKLM"
"command"="Rundll32.exe \"C:\\WINDOWS\\System32\\btjxyxon.dll\",s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSentry"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DSentry.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMEKRMIG"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegistryController"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\PDF Converter 2.0 Professional\\PDFConv\\\\RegistryController.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPWebCap"
"hkey"="HKCU"
"command"="C:\\Program Files\\ScanSoft\\PaperPort\\PPWebCap.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SM1BG"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SM1BG.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WebReg 20040416000105.job
C:\WINDOWS\tasks\WebReg 20040502155641.job
C:\WINDOWS\tasks\WebReg 20040517183925.job

Completion time: 08-06-23 17:32:20.28
C:\ComboFix.txt ... 08-06-23 17:32
C:\ComboFix2.txt ... 08-06-17 13:01

Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17155

1st Responders MIRT Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Rootkit Responders

Posted: Tue Jun 24, 2008 9:24 am

Your version of HijackThis is out-of-date. Please uninstall your old copy of HJT with Add/Remove Programs.

Please follow the instructions >>>HERE<<< at #5. Thanks.

Note: The current version is HijackThis 2.0.2.

Please do not post any other log except a HijackThis log. If your helper wants other types of logs, they'll ask for them.


_________________
Microsoft MVP Consumer Security 2006, 2007 & 2008

cyberbear2

Trooper


Joined: Jun 23, 2008
Posts: 14
Location: USA

Posted: Tue Jun 24, 2008 4:58 pm    Post subject: Hijackthis updated and new log

Sorry. Here is the updated log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:56, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7129 bytes

Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17155

1st Responders MIRT Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Rootkit Responders

Posted: Wed Jun 25, 2008 11:24 am

You're Ready for cleaning.

At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.


Prince_Serendip

Site Moderator


Joined: Sep 07, 2002
Posts: 17155

1st Responders MIRT Moderators MVP Premium RootKit Detection Hosts Rootkit Experts Rootkit Responders

Posted: Tue Jul 01, 2008 6:05 pm

Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).


**NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.


cyberbear2

Trooper


Joined: Jun 23, 2008
Posts: 14
Location: USA

Posted: Tue Jul 01, 2008 8:01 pm    Post subject: Updated Log

Here is the updated log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:09, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word (PDF Converter 2.0) - res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6856 bytes

cyberbear2

Trooper


Joined: Jun 23, 2008
Posts: 14
Location: USA

Posted: Tue Jul 01, 2008 8:26 pm

I have fixed the following entries in the original log. I am rescanning with Malwarebytes.


O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll
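
Added example (not part of the original thread, and not CastleCops or Trend Micro code): a Python sketch that diffs the entry lines of the two HijackThis v2.0.2 logs posted above to confirm which entries disappeared between scans, and lists the O2 entries that HijackThis itself marks `(file missing)` or `(no file)`. The function names are hypothetical; the embedded excerpts are the O2 lines copied from this thread's logs.

```python
import re

# O2 (Browser Helper Object) lines copied from the two HijackThis v2.0.2 logs
# in this thread: scan of 6/24/2008 (before) and scan of 7/1/2008 (after).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {E6E01B02-A6F9-4EFE-A0EC-0A9666764C5C} - C:\WINDOWS\system32\jkkkhfCU.dll (file missing)
O2 - BHO: {3ed552a3-2b36-50d9-87d4-e8016d6f165f} - {f561f6d6-108e-4d78-9d05-63b23a255de3} - C:\WINDOWS\System32\jkjhsphk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
"""

# An entry line is a section code (R1, O2, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O2 body: "BHO: <name> - {CLSID} - <path>". The name is matched lazily because
# both the name and the path may themselves contain " - ".
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) for every entry line; header, process list and
    blank lines are skipped because they do not match ENTRY_RE."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries, compared case-insensitively because
    Windows paths and CLSIDs appear in mixed case across scans."""
    old, new = parse_entries(before), parse_entries(after)

    def key(entry):
        return (entry[0], entry[1].lower())

    old_keys = {key(e) for e in old}
    new_keys = {key(e) for e in new}
    removed = [e for e in old if key(e) not in new_keys]
    added = [e for e in new if key(e) not in old_keys]
    return removed, added


def orphaned_bhos(log_text):
    """CLSIDs of O2 entries whose file HijackThis reports as absent."""
    clsids = []
    for section, body in parse_entries(log_text):
        if section != "O2":
            continue
        match = BHO_RE.match(body)
        if match and (match.group(3) == "(no file)"
                      or match.group(3).endswith("(file missing)")):
            clsids.append(match.group(2).upper())
    return clsids


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    print("still orphaned after fix:", orphaned_bhos(LOG_AFTER))
```

A registry entry that disappears from the log only shows the autostart reference is gone; it says nothing about whether the referenced file or any other component is still on disk.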

cyberbear2

Trooper


Joined: Jun 23, 2008
Posts: 14
Location: USA

Posted: Tue Jul 01, 2008 11:34 pm

So Malwarebytes didn't detect MS Juan, but the Internet Explorer browser is still messed up (it loads the homepage, but when I try to go to a different page it just returns to the original page; it's almost like it's looping back and forth, except I never see it change. I just see the addresses change down the bottom of the screen) and the system is still running slow.

Please help.

SpotCheckBilly

1st Responder


Joined: Jul 13, 2004
Posts: 158

1st Responders

Posted: Mon Jul 07, 2008 12:12 am

Hello cyberbear2,

Welcome to the cC forums. I'm SpotCheckBilly (SCB for short) and if you still need assistance I will be happy to help you.

===Very Important===
The instructions in this thread have been specifically designed for THIS USER'S MACHINE ONLY. You should not use these instructions to clean your machine. Doing so could cause irreparable damage to your machine. If you need assistance, please start your own thread.

=================

A couple of important things to keep in mind during our fix.

  • Please >> DO NOT<< run any scans/tools or other fixes unless I ask you to.
  • If you are running P2P filesharing program(s), they must be uninstalled before proceeding.
  • If you are running any cracked/pirated software, REMOVE it before proceeding. Many helpers -- myself included -- will not assist you if you are using such software.

Remember, we are in this process together. We must cooperate with each other or the fix will surely fail. If there is something you don't understand or are unsure of -- please do not skip it. Instead, take a moment to ask. With some infections skipping a step can be disastrous. That being said, let's get started.

Part of the slow performance is probably due to the fact that you have too many real-time protection programs running. These programs seldom get along and most always cause conflicts. Since it appears that you are running McAfee Security Suite, I would suggest that you disable all other real-time protection. You most certainly can keep the other programs as on-demand scanners. NOTE: AVG Antispyware is outdated and no longer supported. I would just uninstall that one.

Since your HijackThis log is several days old, I would like to start with some fresh information. Please do the following:

Update and rescan with Malwarebytes Anti-Malware (current version 1.19, current database version 924).

Please do the following EXACTLY as directed:

Follow this link to the How to Use Combofix tutorial at bleepingcomputer.com.

>>>If you already have Combofix, delete previous copy(s) and download the latest version.<<<

Read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

***If you have an always on Internet connection, unplug from your DSL/cable modem before proceeding. Reconnect only after Combofix has finished its scan.***

Please continue with the scan as follows:
  • Very Important! Temporarily >>disable<< your anti-virus, script blocking and any anti-malware real-time protection before continuing the scan. They can interfere with ComboFix and may cause unpredictable results. Note: Combofix will disconnect you from the Internet, then restore your connection as it finishes.

  • Click Yes and follow the prompts to allow ComboFix to continue scanning for malware. This can take a while, so please be patient.
  • When finished, it will produce a report for you at C:\ComboFix.txt.

***Do not mouseclick ComboFix's window while it's running. That may cause it to stall.***

In your next post, please include
  • The results of the Malwarebytes Anti-Malware scan.
  • A new Hijackthis log.
  • C:\ComboFix.txt.

Use multiple posts if necessary to ensure the entire contents of the logs get posted. To prevent loss of information during a copy/paste operation:
Open the desired log.
Hit Ctrl+a to select the entire contents.
Hit Ctrl+c to copy the entire contents.
Hit Ctrl+v to paste the entire contents into the message body box in your reply.

We'll take it from there.

SCB

cyberbear2

Trooper


Joined: Jun 23, 2008
Posts: 14
Location: USA

PostPosted: