de6racha11 Posted July 6, 2008 Share Posted July 6, 2008 Dear Lunarsoft you helped me once before and I am afraid to say I am back yet again. Over the past week my PC has slowly ground to a halt and I am totally stressed I have been very careful not to download anything or visit dodgy sites so how this has happened I dont know. When trying to print documents the printer wont start although it states that docs are pending printing. I have recently been reading up on RootKit problems and have included a readout of what was found but there is no advice on how to remove the problems today I have 27 problems last night it found 76. I have also included my Hyjack this log. I have gone through all the cleaning processes from the PC Maintenance site but things are still just as bad. You were very very helpful to me last time my PC was spot on please could you take a look at my logs and advise what may have decided to start lodging with me again Rootkit logs HKLM\SECURITY\Policy\Secrets\SAC* 15/06/2008 18:30 0 bytes Key name contains embedded nulls (*) HKLM\SECURITY\Policy\Secrets\SAI* 15/06/2008 18:30 0 bytes Key name contains embedded nulls (*) HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 06/07/2008 16:36 80 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 06/07/2008 11:25 0 bytes Hidden from Windows API. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\GGQ8E9LG\down[1] 06/07/2008 18:39 3.33 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\GGQ8E9LG\favcenter[1] 06/07/2008 16:41 3.29 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\GGQ8E9LG\tools[1] 06/07/2008 16:43 3.48 KB Visible in directory index, but not Windows API or MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\background_gradient[1] 06/07/2008 16:41 453 bytes Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\background_gradient[2] 06/07/2008 18:39 453 bytes Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\bullet[1] 06/07/2008 18:39 3.09 KB Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\bullet[2] 06/07/2008 16:41 3.09 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\dnserror[1] 06/07/2008 18:39 6.38 KB Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\dnserror[2] 06/07/2008 16:41 6.38 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\down[1] 06/07/2008 16:41 3.33 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\down[2] 06/07/2008 16:43 3.33 KB Visible in directory index, but not Windows API or MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\errorPageStrings[1] 06/07/2008 18:39 1.21 KB Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\errorPageStrings[2] 06/07/2008 16:41 1.21 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\ErrorPageTemplate[1] 06/07/2008 16:41 2.12 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\ErrorPageTemplate[2] 06/07/2008 18:39 2.12 KB Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\favcenter[1] 06/07/2008 16:43 3.29 KB Visible in directory index, but not Windows API or MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\favcenter[2] 06/07/2008 18:39 3.29 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\httpErrorPagesScripts[1] 06/07/2008 16:41 7.25 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\httpErrorPagesScripts[2] 06/07/2008 18:39 7.25 KB Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\info_48[1] 06/07/2008 18:39 6.83 KB Visible in Windows API, directory index, but not in MFT. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\info_48[2] 06/07/2008 16:41 6.83 KB Visible in Windows API, MFT, but not in directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\tools[1] 06/07/2008 18:39 3.48 KB Visible in Windows API, but not in MFT or directory index. C:\Documents and Settings\DC\Local Settings\Temporary Internet Files\Content.IE5\VVGEWLQO\tools[2] 06/07/2008 16:41 3.48 KB Visible in Windows API, MFT, but not in directory index. Hyjack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:40:20, on 06/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svrhost.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\sistray.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\SiteAdvisor\6261\SAService.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youngbuds.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: adzgalore - {0693351f-f547-ada0-36f8-1027812b1a14} - C:\WINDOWS\system32\nsn7A.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: mysidesearch search enhancer - {210e3632-6963-a46f-0a2b-d63d3212b50f} - C:\WINDOWS\system32\dqvspxqbyqcosttq.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: cpmsky browser optimizer - {9d9547d9-0df3-511c-f971-f0792baa4fc7} - C:\WINDOWS\system32\ojijqgwvmbjvdyy.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Microsoft Windows Sound] svrhost.exe O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [{bd4b69c5-5367-a3f2-bb91-20c375c2217c}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ojijqgwvmbjvdyy.dll" DllStart O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svrhost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.q-serve.com/signup.htm O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1213842603531 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215213343687 O17 - HKLM\System\CCS\Services\Tcpip\..\{BDD071DC-DD07-4BEB-A682-7DECDFC840AA}: NameServer = 195.92.195.95 195.92.195.94 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\MadeSafe\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\MadeSafe\Bin\Zanda.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe -- End of file - 9796 bytes Thankyou so very much for your help. Debra Link to comment Share on other sites More sharing options...
de6racha11 Posted July 6, 2008 Author Share Posted July 6, 2008 I had forgotten about the Malwarebytes program and have just run it, I told you last time I was a bimbo - 26 infections were found and removed so I have now included a fresh updated Hyjack log. Last time I was logged in you recommended the Avast program I did not get around to installing it but it seems that McAfee goes for a sleep when Trojans etc., just walk onto my system. I would be most grateful if you could take a look at the logs for me when its convenient I know it's Sunday. Also do I really have anything to worry about regarding Rootkits I had never really heard about them until just recently we all here of spyware and malaware threats but perhaps a detailed discussion on these cloaking problems would be very helpful to your members in time. Once again many many thanks Debra Hyjack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:16:02, on 06/07/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\MadeSafe\Bin\Zanda.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wscntfy.exe C:\MadeSafe\bin\NJEEVES.EXE C:\WINDOWS\system32\imapi.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youngbuds.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: adzgalore - {0693351f-f547-ada0-36f8-1027812b1a14} - C:\WINDOWS\system32\nsn7A.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: mysidesearch search enhancer - {210e3632-6963-a46f-0a2b-d63d3212b50f} - C:\WINDOWS\system32\dqvspxqbyqcosttq.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: cpmsky browser optimizer - {9d9547d9-0df3-511c-f971-f0792baa4fc7} - C:\WINDOWS\system32\ojijqgwvmbjvdyy.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [{bd4b69c5-5367-a3f2-bb91-20c375c2217c}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\ojijqgwvmbjvdyy.dll" DllStart O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.q-serve.com/signup.htm O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1213842603531 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215213343687 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\MadeSafe\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\MadeSafe\Bin\Zanda.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe -- End of file - 9305 bytes Link to comment Share on other sites More sharing options...
Administrator Tarun Posted July 6, 2008 Administrator Share Posted July 6, 2008 Hi de6racha11, Please download LunarDownloader and then select for download the Professional package. After that, scan your computer with the tools you downloaded with LunarDownloader and installed. Our wiki for PC Maintenance is going to be revised very soon to reflect the changes of applications which are in LunarDownloader. :) Link to comment Share on other sites More sharing options...
Recommended Posts