PLEASE HELP ASAP!!!!!!!
My PC Hell Forum
December 03, 2008, 05:39:55 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Moving to New Location Soon! Watch out for notification. 14th Dec 2007.
 
   Home   Help Search Calendar Login Register  
Pages: 1 [2] 3 4
« previous next »
  Print  
Author Topic: PLEASE HELP ASAP!!!!!!!  (Read 3475 times)
Essexboy
Administrator
*****
Posts: 899



View Profile WWW
« Reply #15 on: January 17, 2008, 06:07:18 PM »
Sorry for the delay in getting back to you

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote
File::
C:\Documents and Settings\Owner\.exe

Folder::
C:\Program Files\Enigma Software Group



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below.  This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Logged
VISTA
XPsp2
Avast (of course)



http://spaces.msn.com/members/essexboymkn/

 If ignorance is bliss  why aren't more people happy?
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #16 on: January 17, 2008, 08:23:38 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:08 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1152234957\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas82.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\aol\1152234957\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1152234957\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\sssTbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [WebArmyKnife] C:\Documents and Settings\Owner\Desktop\WAK.exe q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152234957\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas82.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm492YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cervo.net
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.vectorvest.com/vvonline/ca/install/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CW_CWDL_DownLoad.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 11737 bytes
Logged
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #17 on: January 17, 2008, 08:31:51 PM »
I DIDN"T DELETE any files but i accidently clicked continue or clicked it off. There may be some components of norton on there still, but i did save to chest after i read the last part.
Logged
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #18 on: January 17, 2008, 08:43:57 PM »
ComboFix 08-01-17.5 - Owner 2008-01-17 20:35:59.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.457 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2007-12-18 to 2008-01-18  )))))))))))))))))))))))))))))))
.

2008-01-17 13:36 . 2008-01-17 13:36   <DIR>   d--------   C:\WINDOWS\LastGood
2008-01-17 10:03 . 2007-12-04 07:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-01-17 10:03 . 2007-12-04 09:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-17 10:03 . 2007-12-04 09:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-17 10:03 . 2007-12-04 09:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-17 10:03 . 2007-12-04 09:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-17 10:03 . 2007-12-04 09:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-17 10:02 . 2008-01-17 10:02   <DIR>   d--------   C:\Program Files\Alwil Software
2008-01-17 10:02 . 2007-12-04 08:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-01-17 10:02 . 2004-01-09 04:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-01-17 04:33 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-17 03:52 . 2008-01-17 04:24   0   --a------   C:\Documents and Settings\Owner\.exe
2008-01-15 22:36 . 2008-01-15 22:36   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-15 06:37 . 2008-01-15 08:58   <DIR>   d--------   C:\Program Files\Enigma Software Group
2008-01-15 01:48 . 2008-01-15 01:48   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-01-14 13:42 . 2008-01-14 13:46   <DIR>   d--------   C:\Program Files\AOL 9.0
2008-01-14 11:16 . 2008-01-14 11:16   <DIR>   d--------   C:\Program Files\Files-Secure
2008-01-14 10:38 . 2008-01-14 10:38   <DIR>   d--------   C:\Program Files\CyberDefender Online Backup
2008-01-14 10:38 . 2008-01-14 10:38   <DIR>   d--------   C:\Binaries
2008-01-14 03:21 . 2008-01-14 04:13   <DIR>   d--------   C:\Program Files\Advanced Registry Optimizer
2008-01-14 03:21 . 2008-01-14 03:21   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Sammsoft
2008-01-13 03:38 . 2008-01-13 03:38   47   --a------   C:\tmp.bat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 14:43   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-01-17 09:24   0   ----a-w   C:\Documents and Settings\Owner\.exe
2008-01-14 18:45   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AOL
2008-01-14 18:44   ---------   d-----w   C:\Program Files\Common Files\aolshare
2008-01-14 18:44   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-01-14 18:42   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-01-14 18:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-09 02:07   ---------   d-----w   C:\Program Files\World of Warcraft
2007-12-26 18:27   ---------   d-----w   C:\Program Files\America Online 9.0
2007-12-12 08:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-12-12 07:02   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-10 19:28   60,968   ----a-w   C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2007-12-10 06:23   ---------   d-----w   C:\Program Files\Common Files\Motive
2007-12-10 06:21   53,913   ----a-w   C:\Program Files\INSTALL.LOG
2007-12-10 06:21   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Motive
2007-12-10 06:20   ---------   d-----w   C:\Program Files\blstoolbar
2007-12-10 06:20   ---------   d-----w   C:\Program Files\BellSouth Application Management
2007-12-10 06:20   ---------   d-----w   C:\Program Files\BellSouth
2007-12-09 09:09   ---------   d--h--r   C:\Documents and Settings\Owner\Application Data\yahoo!
2007-12-07 06:56   ---------   d-----w   C:\Program Files\Common Files\Blizzard Entertainment
2007-12-06 08:35   67,424   ----a-w   C:\WINDOWS\system32\drivers\CDAVFS.sys
2007-12-05 11:09   ---------   d-----w   C:\Program Files\MSN Messenger
2007-12-05 08:37   ---------   d-----w   C:\Program Files\Java
2007-12-05 08:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-05 08:27   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2007-12-04 14:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Citrix
2007-12-04 14:36   ---------   d-----w   C:\Program Files\Citrix
2007-12-02 18:36   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-27 22:39   230,912   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-22 07:39   267,272   ----a-w   C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 07:37   17,928   ----a-w   C:\WINDOWS\system32\X3DAudio1_2.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas82.exe" [2008-01-14 11:00 542024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 01:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebArmyKnife"="C:\Documents and Settings\Owner\Desktop\WAK.exe" [2005-01-19 22:04 883724]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01 155648]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-12-27 22:23 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-16 23:05 98304]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 10:05 118784]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 10:05 53248]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"HostManager"="C:\Program Files\Common Files\AOL\1152234957\ee\AOLSoftware.exe" [2007-04-12 16:23 42032]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-12-15 18:01 40960]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Ringo Launcher.lnk - C:\Program Files\Ringo\Hub.exe [2007-03-15 15:42:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-04 09:35 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-01 11:40]
R3 CDAVFS;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2007-12-06 03:35]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 01:33:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:38:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 20:39:47
ComboFix-quarantined-files.txt  2008-01-18 01:39:20
ComboFix2.txt  2008-01-18 01:02:24
ComboFix3.txt  2008-01-17 09:38:03
ComboFix4.txt  2008-01-16 03:26:25
.
2008-01-15 06:48:46   --- E O F --- 

ok here is the last of it...
Logged
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #19 on: January 17, 2008, 08:46:30 PM »
next i will show you from your last post that i got too late sorry
Logged
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #20 on: January 17, 2008, 09:06:11 PM »
ComboFix 08-01-17.5 - Owner 2008-01-17 20:59:28.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.428 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Owner\.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\.exe
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\pgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\rgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\support.log

.
(((((((((((((((((((((((((   Files Created from 2007-12-18 to 2008-01-18  )))))))))))))))))))))))))))))))
.

2008-01-17 13:36 . 2008-01-17 13:36   <DIR>   d--------   C:\WINDOWS\LastGood
2008-01-17 10:03 . 2007-12-04 07:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-01-17 10:03 . 2007-12-04 09:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-17 10:03 . 2007-12-04 09:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-17 10:03 . 2007-12-04 09:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-17 10:03 . 2007-12-04 09:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-17 10:03 . 2007-12-04 09:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-17 10:02 . 2008-01-17 10:02   <DIR>   d--------   C:\Program Files\Alwil Software
2008-01-17 10:02 . 2007-12-04 08:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-01-17 10:02 . 2004-01-09 04:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-01-17 04:33 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-15 22:36 . 2008-01-15 22:36   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-15 01:48 . 2008-01-15 01:48   <DIR>   d--------   C:\Program Files\MSXML 4.0
2008-01-14 13:42 . 2008-01-14 13:46   <DIR>   d--------   C:\Program Files\AOL 9.0
2008-01-14 11:16 . 2008-01-14 11:16   <DIR>   d--------   C:\Program Files\Files-Secure
2008-01-14 10:38 . 2008-01-14 10:38   <DIR>   d--------   C:\Program Files\CyberDefender Online Backup
2008-01-14 10:38 . 2008-01-14 10:38   <DIR>   d--------   C:\Binaries
2008-01-14 03:21 . 2008-01-14 04:13   <DIR>   d--------   C:\Program Files\Advanced Registry Optimizer
2008-01-14 03:21 . 2008-01-14 03:21   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Sammsoft
2008-01-13 03:38 . 2008-01-13 03:38   47   --a------   C:\tmp.bat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 14:43   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-01-14 18:45   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AOL
2008-01-14 18:44   ---------   d-----w   C:\Program Files\Common Files\aolshare
2008-01-14 18:44   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-01-14 18:42   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-01-14 18:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-09 02:07   ---------   d-----w   C:\Program Files\World of Warcraft
2007-12-26 18:27   ---------   d-----w   C:\Program Files\America Online 9.0
2007-12-12 08:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-12-12 07:02   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\MSN6
2007-12-10 19:28   60,968   ----a-w   C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
2007-12-10 06:23   ---------   d-----w   C:\Program Files\Common Files\Motive
2007-12-10 06:21   53,913   ----a-w   C:\Program Files\INSTALL.LOG
2007-12-10 06:21   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Motive
2007-12-10 06:20   ---------   d-----w   C:\Program Files\blstoolbar
2007-12-10 06:20   ---------   d-----w   C:\Program Files\BellSouth Application Management
2007-12-10 06:20   ---------   d-----w   C:\Program Files\BellSouth
2007-12-09 09:09   ---------   d--h--r   C:\Documents and Settings\Owner\Application Data\yahoo!
2007-12-07 06:56   ---------   d-----w   C:\Program Files\Common Files\Blizzard Entertainment
2007-12-06 08:35   67,424   ----a-w   C:\WINDOWS\system32\drivers\CDAVFS.sys
2007-12-05 11:09   ---------   d-----w   C:\Program Files\MSN Messenger
2007-12-05 08:37   ---------   d-----w   C:\Program Files\Java
2007-12-05 08:34   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-05 08:27   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2007-12-04 14:37   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Citrix
2007-12-04 14:36   ---------   d-----w   C:\Program Files\Citrix
2007-12-02 18:36   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-27 22:39   230,912   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-10-22 07:39   267,272   ----a-w   C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 07:37   17,928   ----a-w   C:\WINDOWS\system32\X3DAudio1_2.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-01-17_20.01.29.32   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 09:34:35   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 01:58:59   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 09:34:35   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 01:58:59   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 09:34:35   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 01:58:59   229,376   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 09:34:35   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 01:58:59   8,192   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 09:34:35   4,157,440   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-18 01:58:59   4,157,440   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-17 09:34:35   335,872   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 01:58:59   335,872   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas82.exe" [2008-01-14 11:00 542024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.exe" [2007-04-18 01:49 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebArmyKnife"="C:\Documents and Settings\Owner\Desktop\WAK.exe" [2005-01-19 22:04 883724]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01 155648]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-12-27 22:23 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-16 23:05 98304]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 10:05 118784]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 10:05 53248]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"HostManager"="C:\Program Files\Common Files\AOL\1152234957\ee\AOLSoftware.exe" [2007-04-12 16:23 42032]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-12-15 18:01 40960]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59 224248]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Ringo Launcher.lnk - C:\Program Files\Ringo\Hub.exe [2007-03-15 15:42:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2007-12-04 09:35 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-01 11:40]
R3 CDAVFS;CDAVFS;C:\WINDOWS\system32\DRIVERS\CDAVFS.sys [2007-12-06 03:35]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 12:53]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 12:53]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 01:33:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:02:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 21:03:21
ComboFix-quarantined-files.txt  2008-01-18 02:02:58
ComboFix2.txt  2008-01-18 01:39:48
ComboFix3.txt  2008-01-18 01:02:24
ComboFix4.txt  2008-01-17 09:38:03
ComboFix5.txt  2008-01-16 03:26:25
.
2008-01-15 06:48:46   --- E O F --- 
Logged
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #21 on: January 17, 2008, 09:08:50 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:49 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1152234957\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas82.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\aol\1152234957\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1152234957\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\Owner\Local Settings\Application Data\CyberDefender\sssTbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [WebArmyKnife] C:\Documents and Settings\Owner\Desktop\WAK.exe q
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152234957\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas82.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ringo Launcher.lnk = C:\Program Files\Ringo\Hub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm492YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cervo.net
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.vectorvest.com/vvonline/ca/install/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CW_CWDL_DownLoad.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 11770 bytes
Logged
Essexboy
Administrator
*****
Posts: 899



View Profile WWW
« Reply #22 on: January 18, 2008, 02:09:29 PM »
Looking better now Mandy..  What I would like to do now is a deep search to remove the remnants of Norton and any other garbage on your system.  On completion I will give you a free antispyware and Firewall, then I will give your system a wash and brush up to get it going a little faster    The report generated will be large so you may need to break it down into 2 or 3 parts

Download WinPFind3u.exe  to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
      Reg - BotCheck

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
Logged
VISTA
XPsp2
Avast (of course)



http://spaces.msn.com/members/essexboymkn/

 If ignorance is bliss  why aren't more people happy?
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #23 on: January 19, 2008, 11:10:35 AM »
WinPFind3 logfile created on: 1/19/2008 10:52:19 AM
WinPFind3U by OldTimer - Version 1.0.44   Folder = C:\Documents and Settings\Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
 
766.00 Mb Total Physical Memory | 531.17 Mb Available Physical Memory | 69.34% Memory free
1.08 Gb Paging File | 0.70 Gb Available in Paging File | 64.96% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 45.07 Gb Free Space | 60.50% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TIMTRADER2002
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
anotify.exe -> %CommonProgramFiles%\AOL\1152234957\ee\anotify.exe -> AOL, LLC [Ver = 1.4.16.3 | Size = 45056 bytes | Modified Date = 1/31/2007 4:32:14 PM | Attr =    ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:36 AM | Attr = R  ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:28 AM | Attr =    ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1152234957\ee\AOLSoftware.exe -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 4:23:32 PM | Attr =    ]
aolsoftware.exe -> %CommonProgramFiles%\AOL\1152234957\ee\aolsoftware.exe -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 4:23:32 PM | Attr =    ]
aolsp scheduler.exe -> %CommonProgramFiles%\AOL\1152234957\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ->  [Ver =  | Size = 1536 bytes | Modified Date = 10/23/2006 2:04:42 PM | Attr =    ]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr =    ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:24 AM | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:54 AM | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:02 AM | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:34 AM | Attr =    ]
bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr =    ]
cdas82.exe -> %ProgramFiles%\CyberDefender\AntiSpyware\cdas82.exe -> CyberDefender Corp. [Ver = 3.12.20.07 | Size = 542024 bytes | Modified Date = 1/14/2008 11:00:26 AM | Attr =    ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr =    ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/25/2003 12:52:00 AM | Attr =    ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 2/25/2003 12:50:00 AM | Attr =    ]
mccicmservice.exe -> %CommonProgramFiles%\Motive\McciCMService.exe -> Motive Communications, Inc. [Ver = 6,1,0,218 | Size = 303104 bytes | Modified Date = 9/1/2007 11:40:16 AM | Attr =    ]
mmtask.exe -> %ProgramFiles%\MusicMatch\MusicMatch Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 10/6/2003 10:05:40 AM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 6/16/2005 11:05:16 PM | Attr =    ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 12/27/2004 10:23:14 PM | Attr =    ]
searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =    ]
shellmon.exe -> %ProgramFiles%\AOL 9.0\shellmon.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 54832 bytes | Modified Date = 4/18/2007 1:49:06 AM | Attr =    ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr =    ]
vm_sti.exe -> %SystemRoot%\Vm_sti.exe -> Vimicro [Ver = 4, 2, 1225, 6 | Size = 40960 bytes | Modified Date = 12/15/2004 6:01:44 PM | Attr =    ]
waol.exe -> %ProgramFiles%\AOL 9.0\waol.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 39472 bytes | Modified Date = 4/18/2007 1:49:08 AM | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
Logged
mandy123
Contributor
**
Posts: 39


View Profile
« Reply #24 on: January 19, 2008, 11:25:13 AM »
[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 46640 bytes | Modified Date = 10/23/2006 7:50:36 AM | Attr = R  ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:34 AM | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:54 AM | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:02 AM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr =    ]
(GoToAssist) GoToAssist [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Citrix\GoToAssist\480\g2aservice.exe -> Citrix Online, a division of Citrix Systems, Inc. [Ver = 8.0 Build 480 | Size = 16936 bytes | Modified Date = 12/10/2007 2:28:52 PM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/25/2003 12:52:00 AM | Attr =    ]
(McciCMService) McciCMService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Motive\McciCMService.exe -> Motive Communications, Inc. [Ver = 6,1,0,218 | Size = 303104 bytes | Modified Date = 9/1/2007 11:40:16 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOL Spyware Protection -> %SystemDrive%\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe -> File not found
AOLAspSunset2 -> %AllUsersAppData%\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe -> File not found
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> AOL LLC [Ver = 4.6.1.2               | Size = 71216 bytes | Modified Date = 10/23/2006 7:50:38 AM | Attr = R  ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:24 AM | Attr =    ]
BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 3:59:24 AM | Attr =    ]
BigDogPath -> %SystemRoot%\Vm_sti.exe -> Vimicro [Ver = 4, 2, 1225, 6 | Size = 40960 bytes | Modified Date = 12/15/2004 6:01:44 PM | Attr =    ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 1:04:00 AM | Attr =    ]
HostManager -> %CommonProgramFiles%\AOL\1152234957\ee\AOLSoftware.exe -> AOL LLC [Ver = 15.4.1.2 | Size = 42032 bytes | Modified Date = 4/12/2007 4:23:32 PM | Attr =    ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr =    ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr =    ]
mmtask -> %ProgramFiles%\MusicMatch\MusicMatch Jukebox\mmtask.exe -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 10/6/2003 10:05:40 AM | Attr =    ]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> MUSICMATCH, Inc. [Ver = 8.10.1006 | Size = 118784 bytes | Modified Date = 10/6/2003 10:05:40 AM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 6/16/2005 11:05:16 PM | Attr =    ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 12/27/2004 10:23:14 PM | Attr =    ]
StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 1:01:00 AM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr =    ]
WebArmyKnife -> %UserDesktop%\WAK.exe ->  [Ver =  | Size = 883724 bytes | Modified Date = 1/19/2005 10:04:48 PM | Attr =    ]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =    ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AOL Fast Start -> %ProgramFiles%\AOL 9.0\aol.exe -> AOL, LLC. [Ver = 9.05.001 | Size = 50736 bytes | Modified Date = 4/18/2007 1:49:02 AM | Attr =    ]
CyberDefender Early Detection Center -> %ProgramFiles%\CyberDefender\AntiSpyware\cdas82.exe -> CyberDefender Corp. [Ver = 3.12.20.07 | Size = 542024 bytes | Modified Date = 1/14/2008 11:00:26 AM | Attr =    ]
Sonic RecordNow! ->  -> File not found
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 4:43:18 PM | Attr =    ]
YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 9:59:38 AM | Attr =    ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =    ]
%AllUsersStartup%\Ringo Launcher.lnk -> %ProgramFiles%\Ringo\Hub.exe ->  [Ver =  | Size = 753664 bytes | Modified Date = 3/15/2007 3:42:44 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
GoToAssist -> %ProgramFiles%\Citrix\GoToAssist\480\G2AWinLogon.dll -> Citrix Online, a division of Citrix Systems, Inc. [Ver = 8.0 Build 480 | Size = 10792 bytes | Modified Date = 12/4/2007 9:36:00 AM | Attr =    ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr =    ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ ->  ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.yahoo.com/ ->
HKLM: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKLM: Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com ->
HKLM: Start Page -> http://www.yahoo.com/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKLM: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.att.net/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn6\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 10, 1