System Security
Page 3 of 4
First topic message reminder:
I have been reading and trying help already posted. Nothing is working and my computer is continually freezing up and closing. I cannot download anything, nor am I able to run any programs. A window appears prior to my Internet Explorer closing which is "403 Forbidden". When I try to close it, it closes Internet Explorer as well. Very frustrating! Also, when I run my computer in Safe Mode I am unable to access the internet. HELP!!!!!!!! PLEASE!!!!!!!!!
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Hello... Unfortunately I am still unable to open McAfee Security Center to disable the anti-virus. There is no "Exit" when I right-click on the icon in the tray, as instructed.
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Can you do the following in Safe Mode with Networking: as the computer is booting, press and hold your "F8" key, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8" key, tap the "F8" key continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then try ComboFix from there, even if it says McAfee is active.


From now on, I will no longer answer any requests for help via PM, please post in the forum.
If I have helped, please consider a [You must be registered and logged in to see this link.] to help keep us alive.
"Faith through unity. Unity through faith."

Belahzur
Super Moderator | Tech Officer
- Posts: 30030
Joined: 2008-08-03
Operating System: XP SP3 Media Centre
Re: System Security
I'm in Safe Mode and McAfee still won't open. When I click on it, the McAfee title flashes on the screen and then disappears. The AV is still running and I can go no further with your instructions. I'm stuck!
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
ComboFix should give you an option to carry on even though the AV is switched on?
If not, temporarily uninstall McAfee.
Belahzur
Super Moderator | Tech Officer
- Posts: 30030
Joined: 2008-08-03
Operating System: XP SP3 Media Centre
Re: System Security
Last night I was able to run Spyware Doctor. Would you like me to send that log to you?
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Nope, Spyware Doctor isn't all that powerful and I doubt it helped.
We need to get ComboFix going, so uninstall McAfee.
Belahzur
Super Moderator | Tech Officer
- Posts: 30030
Joined: 2008-08-03
Operating System: XP SP3 Media Centre
Re: System Security
ComboFix 09-06-30.03 - Owner 07/01/2009 11:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.617 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\14025934
c:\documents and settings\All Users\Application Data\14025934\14025934.exe
c:\documents and settings\All Users\Application Data\14025934\14025934.glu
c:\documents and settings\All Users\Application Data\14025934\pc14025934cnf
c:\documents and settings\All Users\Application Data\14025934\pc14025934ins
c:\documents and settings\All Users\Application Data\94035926
c:\documents and settings\All Users\Application Data\94035926\94035926.exe
c:\documents and settings\Owner\err.log
c:\documents and settings\Owner\ResErrors.log
C:\EXCEL.EXE
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\drivers\SKYNETwonipxmk.sys
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\mfc45.dll
c:\windows\system32\SKYNEThaodmltw.dll
c:\windows\system32\SKYNEThpjucorm.dat
c:\windows\system32\SKYNETmujnkeih.dat
c:\windows\system32\SKYNETowkmxdqp.dll
c:\windows\winhelp.ini
D:\Autorun.inf
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETvkbgoeyf
-------\Legacy_WASFSD
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.
2009-06-27 23:42 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-27 23:42 . 2009-07-01 14:44 -------- d-----w- c:\program files\Spyware Doctor
2009-06-27 23:42 . 2009-06-27 23:42 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-06-27 23:42 . 2009-06-27 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-26 16:34 . 2009-06-26 16:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-26 16:34 . 2009-06-26 16:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\COMCASTTOOLBAR
2009-06-26 03:49 . 2009-06-26 03:49 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-25 16:51 . 1601-01-21 17:33 372777 ----a-w- c:\windows\system32\javactln.exe
2009-06-21 21:34 . 2009-06-21 21:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-21 17:12 . 2009-06-21 17:12 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-06-15 03:07 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-15 03:07 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-15 03:06 . 2009-06-15 03:06 -------- d-----w- c:\windows\ie8updates
2009-06-15 03:06 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-15 03:01 . 2009-06-21 16:58 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 15:00 . 2009-06-27 23:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-01 14:52 . 2008-07-15 13:37 -------- d-----w- c:\documents and settings\Owner\Application Data\ComcastToolbar
2009-07-01 14:20 . 2008-05-11 21:21 -------- d-----w- c:\program files\TomTom HOME 2
2009-07-01 14:17 . 2009-07-01 14:04 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-01 14:04 . 2009-06-27 23:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 19:01 . 2003-08-23 14:25 -------- d-----w- c:\program files\Quicken
2009-06-29 19:48 . 2009-06-29 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-29 19:48 . 2009-06-29 19:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 19:48 . 2009-06-29 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-29 19:09 . 2009-06-29 19:09 -------- d-----w- c:\program files\Trend Micro
2009-06-26 23:59 . 2008-07-13 23:08 518 ----a-w- c:\documents and settings\Owner\Application Data\iolo\Registry\Last\restore.bat
2009-06-26 03:52 . 2003-11-02 03:05 -------- d-----w- c:\program files\Google
2009-06-22 18:34 . 2008-07-13 23:08 1527 ----a-w- c:\documents and settings\Owner\Application Data\iolo\restore.bat
2009-06-17 15:27 . 2009-06-29 19:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-06-29 19:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-29 19:40 . 2008-07-13 22:15 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-05-26 14:50 . 2003-08-23 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-13 05:15 . 2004-08-24 00:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2003-08-08 16:23 345600 ------w- c:\windows\system32\localspl.dll
2009-05-05 17:42 . 2009-05-05 17:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-05 17:41 . 2008-05-24 01:25 38208 -c--a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-05 17:36 . 2009-05-05 17:36 -------- d-----w- c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-17 12:26 . 2003-08-08 15:35 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-06-15 04:40 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 18:32 . 2003-11-06 03:15 45056 -c--a-w- c:\windows\NCUNINST.EXE
2009-04-08 04:36 . 2008-05-22 02:10 2815 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2007-01-02 19:27 . 2007-01-02 19:27 31002 -c--a-w- c:\program files\Quicken.QIF
2004-01-01 22:16 . 2004-01-01 22:16 0 -csha-w- c:\windows\SMINST\HPCD.sys
2003-11-12 23:56 . 2003-11-09 11:50 56 -csh--r- c:\windows\system32\BC2C6383F0.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-08-27 200704]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-12-01 69709]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-06-15 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-15 29744]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-02 32768]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2004-6-14 53248]
c:\documents and settings\Administrator.JIM_MOORE\Start Menu\Programs\Startup\
AutoTBar.exe [2004-6-14 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
WkCalRem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk.disabled
backup=c:\windows\pss\ATI CATALYST System Tray.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk.disabled
backup=c:\windows\pss\Image Transfer.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
backup=c:\windows\pss\Quicken Scheduled Updates.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk.disabled
backup=c:\windows\pss\Updates from HP.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk.disabled
backup=c:\windows\pss\Verizon Online Support Center.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk.disabled]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk.disabled
backup=c:\windows\pss\HP Organize.lnk.disabledStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk.disabled]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk.disabled
backup=c:\windows\pss\spamsubtract.lnk.disabledStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"MDM"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Juno_uoltray"=c:\program files\Juno6\exec.exe regrun
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook
"spc_w"="c:\program files\JUSearch\juspc.exe" -w
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"eMailEncryption"=c:\progra~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WT GameChannel"=c:\program files\WildTangent\Apps\GameChannel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IMSI\\TCW90\\Program\\FindNews.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\javactln.exe"=
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Part 2
R0 fwcore;fwcore;c:\windows\system32\drivers\fwcore.sys [9/12/2005 12:22 AM 91904]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/1/2009 10:04 AM 130936]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2008 6:15 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2008 6:15 PM 600944]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
S2 0306401240918628mcinstcleanup;McAfee Application Installer Cleanup (0306401240918628);c:\windows\TEMP\030640~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\030640~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/21/2008 9:40 PM 29744]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [12/30/2005 11:24 AM 32384]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/27/2009 7:42 PM 348752]
S4 FWService;FWService;c:\program files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service --> c:\program files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-08-08 00:12]
2009-06-30 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 21:57]
2008-12-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-09 18:32]
2009-04-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-09 18:32]
2009-06-30 c:\windows\Tasks\User_Feed_Synchronization-{0E469181-9466-49B6-82F6-49D9985A6DC3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
HKLM-Run-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe
HKLM-Run-RegistryMechanic - (no file)
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Display All Images with Full Quality - c:\program files\Juno6\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\Juno6\qsacc\appres.dll/227
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kkoaglk.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-01 11:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,73,d6,1d,b4,a5,ac,48,93,28,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,73,d6,1d,b4,a5,ac,48,93,28,7c,\
[HKEY_USERS\S-1-5-21-3758288341-3322377931-353374403-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-07-01 11:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-01 15:52
Pre-Run: 78,785,114,112 bytes free
Post-Run: 78,769,594,368 bytes free
329
This is everything I got from the scan. Hope it is what you wanted!
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Submit a file for analysis.
Also please run another quick scan in Malwarebytes for me and post the log back here.
- Please visit this website: [You must be registered and logged in to see this link.]
- Press the "Browse" button and locate the following file in bold:
C:\WINDOWS\system32\BC2C6383F0.sys
- Press the "Submit File" button to submit the file for analysis.
- Allow it to be scanned, it could take a few minutes depending on server load.
- Copy and paste the result back here.
While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

Origin
Tech Staff
- Posts: 2685
Joined: 2009-05-06
Operating System: Windows Xp Sp3
Re: System Security
I have been unable to locate the line you asked me to submit to Jotti's for analysis. Not sure what I'm doing wrong?
Also received a notice from COMBOFIX that an updated version was available so I ran a second scan. Here is that LOG also.
Log part 1
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-08-27 200704]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-12-01 69709]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 68856]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-06-15 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-15 29744]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-02 32768]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2004-6-14 53248]
c:\documents and settings\Administrator.JIM_MOORE\Start Menu\Programs\Startup\
AutoTBar.exe [2004-6-14 53248]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
WkCalRem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk.disabled
backup=c:\windows\pss\ATI CATALYST System Tray.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk.disabled
backup=c:\windows\pss\Image Transfer.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
backup=c:\windows\pss\Quicken Scheduled Updates.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk.disabled
backup=c:\windows\pss\Updates from HP.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk.disabled
backup=c:\windows\pss\Verizon Online Support Center.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk.disabled]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk.disabled
backup=c:\windows\pss\HP Organize.lnk.disabledStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk.disabled]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk.disabled
backup=c:\windows\pss\spamsubtract.lnk.disabledStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"MDM"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Juno_uoltray"=c:\program files\Juno6\exec.exe regrun
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook
"spc_w"="c:\program files\JUSearch\juspc.exe" -w
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"eMailEncryption"=c:\progra~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WT GameChannel"=c:\program files\WildTangent\Apps\GameChannel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IMSI\\TCW90\\Program\\FindNews.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\javactln.exe"=
R0 fwcore;fwcore;c:\windows\system32\drivers\fwcore.sys [9/12/2005 12:22 AM 91904]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2008 6:15 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2008 6:15 PM 600944]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/21/2008 9:40 PM 29744]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [12/30/2005 11:24 AM 32384]
S4 FWService;FWService;c:\program files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service --> c:\program files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-08-08 00:12]
2009-07-01 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 21:57]
2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{0E469181-9466-49B6-82F6-49D9985A6DC3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
backup=c:\windows\pss\spamsubtract.lnk.disabledStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"MDM"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Juno_uoltray"=c:\program files\Juno6\exec.exe regrun
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe"
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"NVIEW"=rundll32.exe nview.dll,nViewLoadHook
"spc_w"="c:\program files\JUSearch\juspc.exe" -w
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"eMailEncryption"=c:\progra~1\ACCELE~1\VELOZD~1\velozsys.exe runstart
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WT GameChannel"=c:\program files\WildTangent\Apps\GameChannel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IMSI\\TCW90\\Program\\FindNews.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\system32\\javactln.exe"=
R0 fwcore;fwcore;c:\windows\system32\drivers\fwcore.sys [9/12/2005 12:22 AM 91904]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2008 6:15 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/13/2008 6:15 PM 600944]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2/28/2008 5:57 PM 18944]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/21/2008 9:40 PM 29744]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [12/30/2005 11:24 AM 32384]
S4 FWService;FWService;c:\program files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service --> c:\program files\Acceleration Software\StopSignProducts\Firewall\fwservice.exe -Service [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-08-08 00:12]
2009-07-01 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 21:57]
2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{0E469181-9466-49B6-82F6-49D9985A6DC3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Log Part 2
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Display All Images with Full Quality - c:\program files\Juno6\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\Juno6\qsacc\appres.dll/227
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kkoaglk.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPJPI150_14.dll
FF - plugin: c:\program files\Java\jre1.5.0_14\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-02 12:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,73,d6,1d,b4,a5,ac,48,93,28,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,73,d6,1d,b4,a5,ac,48,93,28,7c,\
[HKEY_USERS\S-1-5-21-3758288341-3322377931-353374403-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-07-02 13:00
ComboFix-quarantined-files.txt 2009-07-02 16:59
ComboFix2.txt 2009-07-01 15:52
Pre-Run: 78,877,691,904 bytes free
Post-Run: 78,867,017,728 bytes free
520
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Hello.
Please download the [You must be registered and logged in to see this link.].
- Save it to your desktop.
- Please double-click OTM.exe to run it.
- Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
c:\documents and settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe
c:\documents and settings\Administrator.JIM_MOORE\Start Menu\Programs\Startup\AutoTBar.exe
- Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt
Please post the OTMoveIt log.


From now on, I will no longer answer any requests for help via PM, please post in the forum.
If I have helped, please consider a [You must be registered and logged in to see this link.] to help keep us alive.
"Faith through unity. Unity through faith."

Belahzur
Super Moderator | Tech Officer
- Posts: 30030
Joined: 2008-08-03
Operating System: XP SP3 Media Centre
Re: System Security
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
OTM by OldTimer - Version 3.0.0.2 log created on 07022009_145330
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP
Re: System Security
Hello, did you copy everything in the script, including the ":"?
While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Origin
Tech Staff
- Posts: 2685
Joined: 2009-05-06
Operating System: Windows Xp Sp3
Re: System Security
========== FILES ==========
c:\documents and settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe moved successfully.
c:\documents and settings\Administrator.JIM_MOORE\Start Menu\Programs\Startup\AutoTBar.exe moved successfully.
OTM by OldTimer - Version 3.0.0.2 log created on 07022009_151701
ocjimmy
Newbie Surfer
- Posts: 31
Joined: 2009-06-28
Operating System: XP