
Brooke

  1. Brooke

    Brooke - Log 01

    Uh, duh... Thanks. I'll check HJT for leads on dealing with the red items and try to digest the others as well. Obviously you've considered adding boilerplate recommendations for these things but decided against including them. A little later... Reading returns from googling your log analysis implies all items (red and blue) should be removed with HJT. Please confirm, and thanks again.
  2. Brooke

    Brooke - Log 01

    Thanks, no, no new issues. Those odd files are still in root C: two exes, rhlj and lcfdx, and another, -858939365, no extension. The file modified dates are identical and right about when I became infected. Direct virus and spyware scans of them show nothing. Unless you advise otherwise I will delete. I was hoping you would look at the HJT log file below if you did not look at the one above. But I really don't know what that entails and it is long and I am having no known issues.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:51:48 PM, on 2/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Thanks very much for your help.
  3. Brooke

    Brooke - Log 01

    I did the rustbfix since I saw it at TC for a similar (to the ignorant) huy32 issue.

    Current pelog.txt:

    *************************
    Rustock.b-fix -- By ejvindh
    *************************
    Wed 02/07/2007 15:27:09.43

    ******************* Pre-run Status of system *******************

    Rootkit driver huy32 is found. Starting the unload-procedure....

    Rustock.b-ADS attached to the System32-folder:
    :huy32.sys 70570
    Total size: 70570 bytes.
    Attempting to remove ADS...
    system32: deleted 70570 bytes in 1 streams.

    Looking for Rustock.b-files in the System32-folder:
    No Rustock.b-files found in system32

    ******************* Post-run Status of system *******************

    Rustock.b-driver on the system: NONE!

    Rustock.b-ADS attached to the System32-folder:
    No System32-ADS found.

    Looking for Rustock.b-files in the System32-folder:
    No Rustock.b-files found in system32

    ******************************* End of Logfile ********************************

    Current avenger.txt:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\kkecmjqx

    *******************

    Script file located at: \??\C:\Documents and Settings\lkudutco.txt
    Script file opened successfully.
    Script file read successfully
    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver huy32 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.
    Current hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:49:22 PM, on 2/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Through due diligence, perhaps a brighter tomorrow.
  4. Brooke

    Brooke - Log 01

    Will do. Gmer finished the second time. Log:

    GMER 1.0.12.12027 - http://www.gmer.net
    Rootkit scan 2007-02-07 13:43:36
    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.12 ----

    SSDT  \??\C:\Programs - added\AVG AntiSpyware 7.5\guard.sys  ZwOpenProcess
    SSDT  \??\C:\Programs - added\AVG AntiSpyware 7.5\guard.sys  ZwTerminateProcess

    INT 0x06  \??\C:\WINDOWS\System32\drivers\Haspnt.sys  A944416D
    INT 0x0E  \??\C:\WINDOWS\System32\drivers\Haspnt.sys  A9443FC2
    SYSENTER  \??\C:\WINDOWS\System32:huy32.sys  A9D66BCC

    Code  \??\C:\WINDOWS\System32:huy32.sys  pIofCallDriver

    ---- Kernel code sections - GMER 1.0.12 ----

    .text  ntoskrnl.exe!Kei386EoiHelper + 4E0  804DF53C 3 Bytes  [ BD, C5, 6C ]
    .text  tcpip.sys!IPTransmit + 10B7  A9C48CFA 6 Bytes  CALL A9D68995 \??\C:\WINDOWS\System32:huy32.sys
    .text  tcpip.sys!IPTransmit + 24D9  A9C4A11C 6 Bytes  CALL A9D68995 \??\C:\WINDOWS\System32:huy32.sys
    .text  tcpip.sys!IPTransmit + 4662  A9C4C2A5 6 Bytes  CALL A9D68995 \??\C:\WINDOWS\System32:huy32.sys
    .text  wanarp.sys  BA76F3FD 7 Bytes  CALL A9D6899F \??\C:\WINDOWS\System32:huy32.sys

    ---- User code sections - GMER 1.0.12 ----

    .text  C:\WINDOWS\explorer.exe[1768] SHELL32.dll!SHFileOperationW  7CA6FB3E 5 Bytes  JMP 00B31102 C:\Program Files\Unlocker\UnlockerHook.dll

    ---- Devices - GMER 1.0.12 ----

    Device  \Driver\aksusb \Device000007f  IRP_MJ_CREATE  [A9AE825F] AKSCLASS.SYS
    Device  \Driver\aksusb \Device000007f  IRP_MJ_CLOSE  [A9AE825F] AKSCLASS.SYS
    Device  \Driver\aksusb \Device000007f  IRP_MJ_DEVICE_CONTROL  [A9AE73FD] AKSCLASS.SYS
    Device  \Driver\aksusb \Device000007f  IRP_MJ_INTERNAL_DEVICE_CONTROL  [A9AE7573] AKSCLASS.SYS
    Device  \Driver\aksusb \Device000007f  IRP_MJ_POWER  [A9AE847F] AKSCLASS.SYS
    Device  \Driver\aksusb \Device000007f  IRP_MJ_SYSTEM_CONTROL  [A9AE8061] AKSCLASS.SYS
    Device  \Driver\aksusb \Device000007f  IRP_MJ_PNP  [A9AE8F15] AKSCLASS.SYS

    ---- Services - GMER 1.0.12 ----

    Service  C:\WINDOWS\System32:huy32.sys (*** hidden *** )  [SYSTEM] huy32  <-- ROOTKIT !!!
---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32\Security Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... 
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32\Enum Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... 
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32\Security Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... 
Reg \Registry\MACHINE\SYSTEM\ControlSet002\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... 
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32\Security Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Checked 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32\Enum Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Type 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Start 1 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ErrorControl 0 Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@DisplayName Win23 lzx files loader Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Group Base Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ExtParam 0xB0 0xFE 0x46 0x1A ... Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@Checked 1 ---- Files - GMER 1.0.12 ---- ADS C:\WINDOWS\SYSTEM32:huy32.sys <-- ROOTKIT !!! ---- EOF - GMER 1.0.12 ----
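The GMER log above points at a single driver, huy32.sys, that is stored as an alternate data stream of the System32 directory (the colon in "System32:huy32.sys"), registered as a hidden service, and hooked into tcpip.sys and wanarp.sys. As an added example, not part of the thread and not GMER's own code, the Python below pulls exactly those indicators out of GMER log text; the sample input is an excerpt of the log posted above.

```python
"""Triage a GMER rootkit-scan log for the indicators the thread's log shows.

Added example; this is neither GMER's code nor anything posted in the thread.
It reads GMER log text and reports: services GMER marks hidden, service
ImagePath values that live in an NTFS alternate data stream (the
"System32:huy32.sys" form), ADS entries from the Files section, SYSENTER/Code
entries pointing into such a stream, and inline CALL/JMP hooks whose
destination module is such a stream.
"""
import re
from collections import defaultdict

# Drive letter, a path with no further colon, then ":streamname" at the end.
ADS_PATH = re.compile(r"^(?:\\\?\?\\)?[A-Za-z]:\\[^:]*:[^\\\s]+$")

# ".text tcpip.sys!IPTransmit + 10B7 A9C48CFA 6 Bytes CALL A9D68995 <module>"
HOOK = re.compile(
    r"^(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+"
    r"(?P<kind>CALL|JMP)\s+(?P<target>[0-9A-F]{8})\s+(?P<module>.+)$"
)

# Excerpt of the GMER log posted in this thread, used as sample input.
SAMPLE_GMER = r"""
GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-07 13:43:36
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\Programs - added\AVG AntiSpyware 7.5\guard.sys ZwOpenProcess
SYSENTER \??\C:\WINDOWS\System32:huy32.sys A9D66BCC
Code \??\C:\WINDOWS\System32:huy32.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!Kei386EoiHelper + 4E0 804DF53C 3 Bytes [ BD, C5, 6C ]
.text tcpip.sys!IPTransmit + 10B7 A9C48CFA 6 Bytes CALL A9D68995 \??\C:\WINDOWS\System32:huy32.sys
.text wanarp.sys BA76F3FD 7 Bytes CALL A9D6899F \??\C:\WINDOWS\System32:huy32.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[1768] SHELL32.dll!SHFileOperationW 7CA6FB3E 5 Bytes JMP 00B31102 C:\Program Files\Unlocker\UnlockerHook.dll

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\System32:huy32.sys (*** hidden *** ) [SYSTEM] huy32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\huy32@DisplayName Win23 lzx files loader
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\huy32@ImagePath \??\C:\WINDOWS\System32:huy32.sys

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\SYSTEM32:huy32.sys <-- ROOTKIT !!!
"""


def is_ads_path(path: str) -> bool:
    """True for C:\\dir:stream style paths (an alternate data stream)."""
    return bool(ADS_PATH.match(path.strip()))


def triage_gmer(log: str) -> dict:
    findings = defaultdict(list)
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):   # blank lines and section banners
            continue
        tag, _, rest = line.partition(" ")
        rest = rest.strip()
        if tag == "Service" and "hidden" in rest:
            findings["hidden_services"].append(rest)
        elif tag == "Reg" and "@ImagePath" in rest:
            key, _, value = rest.partition("@ImagePath")
            if is_ads_path(value):
                findings["ads_image_paths"].append((key.strip(), value.strip()))
        elif tag == "ADS":
            findings["ads_files"].append(rest)
        elif tag in ("SYSENTER", "Code") and rest and is_ads_path(rest.split()[0]):
            findings["kernel_entry_hooks"].append((tag, rest))
        elif tag == ".text":
            m = HOOK.match(rest)
            if m:
                findings["inline_hooks"].append(m.groupdict())
            elif "Bytes" in rest:            # bytes patched in place, no branch target
                findings["patched_code"].append(rest)
    return dict(findings)


def hooks_into_ads(findings: dict) -> list:
    """Inline hooks whose destination module is an alternate data stream."""
    return [(h["where"], h["module"]) for h in findings.get("inline_hooks", [])
            if is_ads_path(h["module"])]


if __name__ == "__main__":
    found = triage_gmer(SAMPLE_GMER)
    for kind, items in found.items():
        print(f"{kind}: {len(items)}")
    for where, module in hooks_into_ads(found):
        print(f"hook in {where} -> {module}")
```

Run on the excerpt, the script separates the Unlocker hook in explorer.exe (a known program in this thread, with a normal DLL path) from the two kernel hooks that branch into the hidden stream, which is the distinction a helper reading the log has to make.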
  5. Brooke

    Brooke - Log 01

    RootkitRevealer hung twice on cleanup, or appeared to. Second run got further and exited OK. Allowed a log save, as follows:

HKU\S-1-5-21-4275444482-3655707654-1986034232-1005\RemoteAccess\InternetProfile 8/2/2004 1:16 PM 21 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 9/3/2002 5:55 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/3/2002 5:55 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 2/7/2007 10:26 AM 80 bytes Data mismatch between Windows API and raw hive data.
C:\System Volume Information\catalog.wci0010001.ci 2/7/2007 10:32 AM 44.00 KB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\catalog.wci0010001.dir 2/7/2007 10:32 AM 682 bytes Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\catalog.wci\CiFLfffc.000 2/7/2007 9:46 AM 240 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\CiFLfffc.001 2/7/2007 9:46 AM 64.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\CiFLfffc.002 2/7/2007 9:46 AM 64.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\CiFLfffd.000 2/7/2007 10:32 AM 240 bytes Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\catalog.wci\CiFLfffd.001 2/7/2007 10:32 AM 64.00 KB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\catalog.wci\CiFLfffd.002 2/7/2007 10:32 AM 64.00 KB Visible in directory index, but not Windows API or MFT.

    Also ran gmer, which showed huy32.sys presence and was scanning when came the blue screen: "BAD_POOL_HEADER"
  6. Brooke

    Brooke - Log 01

    OK, back to where I was, fairly clean...still wondering about those c:\ files. They remain. Re-deleted offender ctpmon at boot and ran smitfraudfix search and then clean at safe boot. It seems to have edited the hosts file as you advised, so that is done. RogueRemover Pro has been updated and a scan done, both automatically and manually: it says the system is immunized. Looking for a rootkit scanner as per smitfraudfix advice: "huy32 detected, use a Rootkit scanner." Thoughts on that one? Searches turn up "gmer." http://www.gmer.net/index.php
  7. Brooke

    Brooke - Log 01

    Well...I may have re-opened some door. My malady has returned. I remembered running smitfraudfix and it having said it found nothing, but I went to root c: to see if I could find its report (rapport.txt). It was not there but two unknown exe files were: rhlj and lcfdx, and another -858939365, no extension. In the process of searching for info on them I may have double-clicked one. The file modified dates are identical and right about when I became infected. I'll try to get back to where I was moments ago......
  8. Brooke

    Brooke - Log 01

    My prescription:
    1. run smitfraudfix.
    2. replace hosts file as below.
    3. reimmunize with RogueRemover.
    4. edit hosts file, changing all 127.0.0.1 entries to 0.0.0.0 except for the localhost entry.

    Meanwhile, thanks very much, Tarun. I won't gush about the lump in my gut, still present, which this issue has given me, and from which, I hope, you will at some future point set me free.
  9. Brooke

    Brooke - Log 01

    > It's possible the file was hidden or certain search parameters were not able to find it as they may not have been selected. You found it though.

    I only mentioned that because I have probs with Windows search. There were no params listed, just find the file.ext on C: looking everywhere. Sometimes I do a search for files modified in some time period up to present, then do some work and do the search again assuming it would return previously listed files plus newly modified ones, but it says no files found. Just a wee bit off-topic.

    > Was Unlocker able to delete it?

    Unlocker nailed it on re-boot!!!! I can't find it in the directory; the icon is not there. Whoooppeeee. FYI: When I tried to fileassassin it before, it seemed to replicate itself, apparently unnecessarily as it never was assassinated...until reboot.

    > Paste your Hosts file contents here in a codebox using the codebox BBCode.

    I pasted the new hosts file below. I had run smitfraudfix before. Did you see recurring signs of smitfraud?
Brooke-hosts-01:

127.0.0.1 localhost
127.0.0.1 bleepingcomputer.com
127.0.0.1 www.bleepingcomputer.com
127.0.0.1 boskak.za.net
127.0.0.1 bullguard.com
127.0.0.1 www.bullguard.com
127.0.0.1 castlecops.com
127.0.0.1 www.castlecops.com
127.0.0.1 cleanup.stevengould.org
127.0.0.1 compu-docs.com
127.0.0.1 www.compu-docs.com
127.0.0.1 depannetonpc.net
127.0.0.1 www.depannetonpc.net
127.0.0.1 download.bleepingcomputer.com
127.0.0.1 ewido.net
127.0.0.1 www.ewido.net
127.0.0.1 fileinfo.prevx.com
127.0.0.1 forum.arovax.com
127.0.0.1 forum.idg.pl
127.0.0.1 forums.digitaltrends.com
127.0.0.1 forums.spybot.info
127.0.0.1 forums.techguy.org
127.0.0.1 forums.tomcoyote.org
127.0.0.1 forums.us.dell.com
127.0.0.1 greyknight17.com
127.0.0.1 www.greyknight17.com
127.0.0.1 help.lockergnome.com
127.0.0.1 infos-du-net.com
127.0.0.1 www.infos-du-net.com
127.0.0.1 innovative-sol.com
127.0.0.1 www.innovative-sol.com
127.0.0.1 mytechsupport.ca
127.0.0.1 www.mytechsupport.ca
127.0.0.1 research.sunbelt-software.com
127.0.0.1 siri.urz.free.fr
127.0.0.1 spywareinfo.dk
127.0.0.1 www.spywareinfo.dk
127.0.0.1 stevengould.org
127.0.0.1 www.stevengould.org
127.0.0.1 superantispyware.com
127.0.0.1 www.superantispyware.com
127.0.0.1 www.techsupportforum.com
#RogueRemover PRO Immunization Start #
# about 1409 entries here #
#RogueRemover PRO Immunization End #
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
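Two things in this thread concern the hosts file: the file pasted above maps a long list of security-help sites (bleepingcomputer.com, castlecops.com, siri.urz.free.fr and the rest) to 127.0.0.1, which is what kept the machine from reaching help, and the prescription in the post above it says to move the immunization entries from 127.0.0.1 to 0.0.0.0 while leaving localhost alone. As an added example, not code from the thread or from RogueRemover or SmitFraudFix, the Python below audits hosts-file text on those two rules. The sample is built from a few lines of the file above plus two constructed `.invalid` entries that stand in for the elided immunization block; the write-back helper and its path are assumptions for a Windows machine.

```python
"""Audit a Windows hosts file along the lines of the thread's steps 2 and 4.

Added example, not code from the thread or from any tool named in it.
Given hosts-file text it keeps the localhost line on 127.0.0.1, rewrites
the 127.0.0.1 entries inside the RogueRemover immunization block to
0.0.0.0 (step 4 in the thread), and reports every other name mapped to
the loopback address, which on this machine were security-help sites.
"""
import os
import stat
from dataclasses import dataclass, field

LOOPBACK = {"127.0.0.1", "::1"}
IMMUNIZE_START = "#RogueRemover PRO Immunization Start"
IMMUNIZE_END = "#RogueRemover PRO Immunization End"

# Constructed sample: lines from the hosts file posted in the thread, plus two
# placeholder .invalid names standing in for the elided immunization entries.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 bleepingcomputer.com
127.0.0.1 www.bleepingcomputer.com
127.0.0.1 siri.urz.free.fr
#RogueRemover PRO Immunization Start #
127.0.0.1 rogue-example-one.invalid
127.0.0.1 rogue-example-two.invalid
#RogueRemover PRO Immunization End #
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
"""


@dataclass
class HostsAudit:
    cleaned: list = field(default_factory=list)     # rewritten file, line by line
    suspicious: list = field(default_factory=list)  # names hijacked to loopback
    converted: int = 0                              # immunization lines moved to 0.0.0.0


def audit_hosts(text: str) -> HostsAudit:
    result = HostsAudit()
    in_immunization = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(IMMUNIZE_START):
            in_immunization = True
        elif line.startswith(IMMUNIZE_END):
            in_immunization = False
        if not line or line.startswith("#"):        # comments and markers pass through
            result.cleaned.append(raw)
            continue
        ip, *names = line.split()                   # "address name [name ...]"
        if ip not in LOOPBACK:
            result.cleaned.append(raw)
            continue
        if names == ["localhost"]:
            result.cleaned.append(raw)              # the one loopback entry that belongs
        elif in_immunization:
            result.converted += 1                   # step 4: 127.0.0.1 -> 0.0.0.0
            result.cleaned.append("0.0.0.0 " + " ".join(names))
        else:
            # A name outside the immunization block pointed at loopback is a
            # hijack indicator: leave it out of the file and report it.
            result.suspicious.extend(names)
    return result


def write_hosts(path: str, audit: HostsAudit) -> int:
    """Write the cleaned file back (assumed path, e.g. %SystemRoot%\\system32\\drivers\\etc\\hosts).

    On Windows os.chmod only toggles the Read-Only attribute, so this is the
    programmatic form of the right-click step mentioned in the thread.
    """
    if os.path.exists(path):
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    with open(path, "w", newline="\r\n") as fh:
        fh.write("\n".join(audit.cleaned) + "\n")
    return len(audit.cleaned)


if __name__ == "__main__":
    audit = audit_hosts(SAMPLE_HOSTS)
    print("hijacked names:", audit.suspicious)
    print("immunization lines converted:", audit.converted)
    print("\n".join(audit.cleaned))
```

The split between "convert" and "report" is the point: an immunization entry and a hijack entry look identical on their own line, and only the surrounding markers tell them apart, so the audit tracks the block it is in rather than judging each line in isolation.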
  10. Brooke

    Brooke - Log 01

    DONE - uninstall AVG Free Anti-Virus.
    YES - you've run all of the scans in the Anti-Malware package?

    > This file could be a source of problems.
    > O4 - HKCU\..\Run: [ctpmon] ctpmon.exe

    Though Windows search failed to find it (why often so unreliable?), it was there, in: C:\WINDOWS\SYSTEM32

    > Do a search for ctpmon and once found you should delete it. If you are unable to delete it, you should use a program like Unlocker or FileASSASSIN.

    Fileassassin failed to delete it. (In fact I've got 2 of the icons (white X on red shield) now in my sys tray.) Unlocker found no locking handle.

    > You should also check your Hosts file. It can be found in %SystemRoot%\system32\drivers\etc\ and you may need to right-click it and remove the Read-Only status.

    What do I do with the hosts file?
  11. Brooke

    Brooke - Log 01

    Tarun, Since I followed your procedures rather than those prescribed at Malwarebytes, I'm posting here. My thread there is http://www.malwarebytes.org/forums/index.p...&#entry2172. (Would you prefer these logfiles as attachments?)

Logfile of HijackThis v1.99.1
Scan saved at 8:52:01 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Programs - added\AVG AntiSpyware 7.5\guard.exe
C:\PROGRA~2\AVG7~1.5AN\avgamsvr.exe
C:\PROGRA~2\AVG7~1.5AN\avgupsvc.exe
C:\PROGRA~2\AVG7~1.5AN\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programs - added\Folder Size 2.3\FolderSizeSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs - added\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Programs - added\iTunes 7\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Programs - added\DoubleSafety - backup program\DoubleSafety.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~2\AVG7~1.5AN\avgcc.exe
C:\Programs - added\AVG AntiSpyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctpmon.exe
C:\Programs - added\RougeRemoverPRO 1.04\RogueRemoverPRO.exe
C:\WINDOWS\system32\ctpmon.exe
C:\Programs - added\ClipMate 5\ClipMate5\ClipMt50.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Programs - added\NaviScope\naviscope.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programs - added\SpyBot Search and Destroy 1.4\SpybotSD.exe
C:\PROGRA~2\AVG7~1.5AN\avgw.exe
C:\Program Files\HijackThis 1.99.0.1\analyze.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {31065C7D-466B-E9D6-E5D7-01E29F863683} - C:\WINDOWS\System32\zaxkeak.dll
O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~2\NEWFOL~1\BXNEWF~1\BXNEWF~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1.4\SDHelper.dll
O2 - BHO: (no name) - {562D1B44-9B98-D678-E704-01358FB718F6} - C:\WINDOWS\System32\hcvleb.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programs - added\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programs - added\iTunes 7\iTunesHelper.exe"
O4 - HKLM\..\Run: [DoubleSafety] "C:\Programs - added\DoubleSafety - backup program\DoubleSafety.exe" /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\AVG7~1.5AN\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs - added\AVG AntiSpyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Programs - added\RougeRemoverPRO 1.04\RogueRemoverPRO.exe /monitor
O4 - Startup: naviscope.lnk = C:\Programs - added\NaviScope\naviscope.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ClipMate5.lnk = C:\Programs - added\ClipMate 5\ClipMate5\ClipMt50.exe
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\System32\page.htm
O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\System32\link.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Programs - added\LeechGet 1.1\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Programs - added\LeechGet 1.1\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Programs - added\LeechGet 1.1\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...55/sdcregie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107468058468
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/products/plugin/autodl...indows-i586.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_4us.cab
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - http://www.o2c.de/download/O2CPlayer.CAB
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.digiphoart4evergreen.photos...oadBox_live.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: bt848rom - bt848rom.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 -  Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programs - added\AVG AntiSpyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~2\AVG7~1.5AN\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~2\AVG7~1.5AN\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~2\AVG7~1.5AN\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programs - added\Folder Size 2.3\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
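The HijackThis log above is what the helper's remarks further up the thread (the ctpmon O4 entry, the hosts-file check) were based on. As an added example, not HijackThis code and not the analysis from this thread, the Python below does a first pass over HJT item lines and flags a handful of patterns that are reasons to look closer rather than verdicts: a Run entry whose target is a bare file name, an Internet Explorer proxy pointed at the local machine (the R1 ProxyServer line above), an unnamed BHO loaded from the system directory, and items HJT could not find on disk. The sample input is an excerpt of the log above.

```python
"""First-pass triage of a HijackThis log.

Added example, not HijackThis code and not the helper's analysis in this
thread. Each heuristic is a reason to investigate, not a verdict:
  - a Run entry whose target has no path is resolved through the search
    path at logon (the ctpmon entry the thread discusses looks like this);
  - an Internet Explorer proxy set to 127.0.0.1 routes browsing through a
    local process;
  - a BHO with no name loaded from the Windows system directory;
  - anything HJT marks "(file missing)" or "(no file)".
"""
import re

ITEM = re.compile(r"^(?P<tag>[RO]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")

# Excerpt of the HijackThis log posted in this thread, used as sample input.
SAMPLE_HJT = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:52:01 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ctpmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:81
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31065C7D-466B-E9D6-E5D7-01E29F863683} - C:\WINDOWS\System32\zaxkeak.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1.4\SDHelper.dll
O2 - BHO: (no name) - {562D1B44-9B98-D678-E704-01358FB718F6} - C:\WINDOWS\System32\hcvleb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Startup: naviscope.lnk = C:\Programs - added\NaviScope\naviscope.exe
O20 - Winlogon Notify: bt848rom - bt848rom.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_hjt(log: str):
    """Yield (tag, body) for each HJT item line; header and process lines are skipped."""
    for raw in log.splitlines():
        m = ITEM.match(raw.strip())
        if m:
            yield m.group("tag"), m.group("body")


def triage_hjt(log: str) -> list:
    """Return (kind, tag, body) triples; one line can yield more than one."""
    findings = []
    for tag, body in parse_hjt(log):
        if "(file missing)" in body or "(no file)" in body:
            findings.append(("missing_file", tag, body))
        if tag == "O4":
            m = RUN_ENTRY.match(body)
            if m:
                target = m.group("target")
                # No quotes and no backslash: Windows locates the file at logon.
                if "\\" not in target and not target.startswith('"'):
                    findings.append(("bare_run_target", tag, body))
        elif tag == "R1" and "ProxyServer" in body and re.search(r"127\.0\.0\.1|localhost", body):
            findings.append(("local_proxy", tag, body))
        elif tag == "O2" and body.startswith("BHO: (no name)") and "\\windows\\system32\\" in body.lower():
            findings.append(("unnamed_system32_bho", tag, body))
    return findings


def count_by_kind(findings: list) -> dict:
    counts = {}
    for kind, _, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, tag, body in triage_hjt(SAMPLE_HJT):
        print(f"{kind:22} {tag:4} {body}")
    print(count_by_kind(triage_hjt(SAMPLE_HJT)))
```

On the excerpt the bare-name rule catches both Ati2mdxx.exe and ctpmon.exe, which is the intended behaviour: the rule cannot tell a vendor's startup entry from a planted one, it only says which Run entries deserve a look at where the file actually lives, which is the check the thread went on to do for ctpmon.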