Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old June 28th, 2007, 08:59 AM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
Hijack log - Windows Explorer has stopped working; Windows Explorer is restarting...

Logfile of HijackThis v1.99.1
Scan saved at 3:22:06 AM, on 6/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\aol\1179273726\ee\aolsoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Windows\System32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\USERS\ALBERTO\HijackThis.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179273726\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\Common Files\SystemDoctor\USDR6cw.exe -c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Greetings,

I should have posted this introduction first, but I want to be sure to squeeze my HijackThis log in with the amount of characters I am able to type in a message. My call for help was to be directed towards getting rid of Security Toolbar 7.1. While I was browsing for help, I came across a thread, started by a user named 'AmyLynn,' located at:

http://www.cybertechhelp.com/forums/...d.php?p=858339

I am unaware as to if AVG Anti-Spyware took care of some of that problem, because I no longer see the toolbar in my Internet Explorer windows. However, while I was trying to solve that, it seems that someone went ahead and downloaded some program(s) from the bogus reports that Security Toolbar 7.1 was displaying. I believe that one of those programs are called System Doctor. I note System Doctor, because that program may still be visible in my log -- although I do not believe that it the reason behind this repetitive message.

I believe that the problem behind it is a Video ActiveX Access, which has iesmin.exe, iesmn.exe, imsmain.exe, and imsmn.exe in the folder. It seems as if someone downloaded an .AVI player from an unreliable source. Also, please let me know if anything is wrong with how my Hijack log is presented, because I got a message stating:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run, and type:

Notepad “C:\Windows\System32\drivers\etc\hosts

And press Enter. Find the line(s) HijackThis reports and delete them. Save the file as “hosts.” (with quotes) and reboot.

I tried to include my AVG Anti-Virus 7.5 report, but I am told that my message is too long (by 2,748 characters). I do not want my message to run two posts long, because it tends to confuse people into thinking that I am in the process of receiving help. Therefore, I will be willing to paste it at the request of the individual that assists me.

Thank you for any and all help! Best regards.

Last edited by EmanResu; June 28th, 2007 at 09:01 AM.
Reply With Quote
  #2  
Old June 28th, 2007, 09:49 PM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
Hi,

Run this tool first :

Download SmitfraudFix.

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually the C drive), and launch from there.
NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
Reply With Quote
  #3  
Old June 28th, 2007, 11:53 PM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
Hello Acrobaze,

I installed SmitfraudFix and double-clicked on SmitfraudFix.exe, but all I get is a red box that reads:

SmitFraudFix v2.197

Version non supportée.
Windows 2000 / XP requis !

Unsupported Version.
Windows 2000 / XP required !

Press any key to continue . . .

Once I press a button the program exits. I am currently running Windows Vista; I browsed a bit but was unable to come across a SmitfraudFix that is compatable with Windows current operating system. Is Windows 2000 and XP the only systems the program runs on?

Last edited by EmanResu; June 28th, 2007 at 11:56 PM.
Reply With Quote
  #4  
Old July 1st, 2007, 01:43 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Acrobaze is not available right now EmanResu so I thought to follow up with you here.

Unfortunately people with Vista are getting infected quicker than some of our tools can keep up with, so let's change approaches for now.


Go here and download the free version of SUPERAntiSpyware and install it.

After installation accept any prompts to allow SUPERAntiSpyware to install the latest infection definition files. Next follow the prompts to complete the installation. For now, uncheck the option to have SUPERAntiSpyware "Automatically check for program and definition updates". Providing an email address and allowing the software to send diagnostic reports to it's research center are up to you. Do NOT allow SUPERAntiSpyware to Protect your Home Page settings.

Once the installation is complete open SUPERAntiSpyware and press the Preferences button. Under the General and Startup tab, uncheck the following (leaving all other settings as is).

Start-up Options:
*Start SUPERAntiSpyware when Windows starts

Automatic Updates:
*Check for program updates when the application starts.

Start-up Scanning:
*Check for updates before scanning on startup.

Then select Close. Don't scan just yet though.


===============================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


Now click the Scan your Computer button. Making sure that Fixed Drive (NTFS) is checked (typically the C Drive), check "Perform Complete Scan", then click Next. SUPERAntiSpyware will now complete a system scan.


SUPERAntiSpyware will now scan your computer and when its finished it will list all the infections it has found. Make sure that they all have a check next to them and click next. If prompted allow the reboot (or manually reboot at this time), and after the reboot open SUPERAntiSpyware again (double click the bug-shaped Taskbar icon).

Click Preferences, then under the Statistics/Logs tab, click to select the most recent Scan Log, then click View Log. Save the log to your desktop, and copy/paste the text from the log back here.

-----------------------------------------

Then
Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here, along with the SUPERAntiSpyware log and a new HijackThis scan please. You can use separate posts here if needed.
Reply With Quote
  #5  
Old July 1st, 2007, 07:51 AM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
SUPERAntiSpyware log.

Greetings Tom,

I was just about to post in What to do if your topic has not been answered (Cyber Safet Forum only), but I was thinking about holding it off until Sunday. Anways, you are here and I appreciate your help.

I downloaded SUPERAntiSpyware and did everything that you told me to. I then downloaded Silent Runners to my desktop and double-clicked it. A messaged popped up about whether or not I would like to skip a certain procedure. I was not certain what to click on, but the message ended up disappearing and it stated that "a message like this will appear when the scan is done." Finally, I created a new HijackThis log. I did not run Ad-Aware SE again, because I believe that SUPERAntiSpyware handled all of the tracking cookies and whatnot. I will post my three logs throughout three different posts. Once again, thank you for your help!

Here is my SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/30/2007 at 11:14 PM
Application Version : 3.9.1008
Core Rules Database Version : 3263
Trace Rules Database Version: 1274
Scan type : Complete Scan
Total Scan Time : 00:55:46
Memory items scanned : 153
Memory threats detected : 0
Registry items scanned : 7875
Registry threats detected : 33
File items scanned : 88016
File threats detected : 158
Trojan.Media-Codec/V3
[rare] C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IMSMAIN.EXE
[user32.dll] C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESMN.EXE
HKLM\Software\Classes\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}#xxx
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Classes\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\Implemented Categories
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\InprocServer32
HKCR\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKU\S-1-5-21-2599847011-1127654689-168267179-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Internet Explorer Secure Bar#UninstallString
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Video ActiveX Access
C:\Windows\Prefetch\IESMIN.EXE-2B03A50D.pf
C:\Windows\Prefetch\IESMN.EXE-03A125F8.pf
C:\Windows\Prefetch\IMSMAIN.EXE-50F7479A.pf
C:\Windows\Prefetch\IMSMN.EXE-B8C7B960.pf
Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}
HKCR\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}
HKCR\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}\InProcServer32
HKCR\CLSID\{44E670F2-D57B-4815-A576-955D17DBBF2D}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DOOEP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler#{44e670f2-d57b-4815-a576-955d17dbbf2d}
Adware.Tracking Cookie
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@vhost.oddcast[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@xxxcounter[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@www3.addfreestats[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@mediaplex[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@ads.web.aol[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@revsci[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@counter8.sextracker[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@sextracker[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@media.fastclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@realmedia[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@adbrite[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@advertising[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@www.drantispy[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@ads.adbrite[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@www.viruslocker[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@fastclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@www.direct-porn[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@2o7[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@casalemedia[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@media.adrevolver[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@sexlist[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@adrevolver[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@cs.sexcounter[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@amaena[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@atwola[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@3.adbrite[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@www.spylocked[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@ar.atwola[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@jimbo746.tripod[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@ads.pointroll[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@atdmt[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@wwe-dogg.tripod[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@qnsr[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@image.masterstats[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@zedo[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@adlegend[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@ad.yieldmanager[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@doubleclick[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\alberto@bluestreak[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@2o7[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@a.websponsors[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@achmedia[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.adnetinteractive[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.doubleclick[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.firstadsolution[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.flingweb[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.thewheelof[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.xplusone[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad.yieldmanager[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ad2.adnetinteractive[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@adinterax[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@admse012.adbureau[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@adopt.euroclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@adopt.specificclick[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.123india[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.adbrite[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.as4x.tmcs[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.bigupradio[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.expedia[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.mediamayhemcorp[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.pointroll[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.realtechnetwork[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.revsci[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads.xtra.co[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ads5.offermatica[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@adserving.cpxinteractive[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@advertising[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@ar.atwola[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@atdmt[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@atwola[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@azjmp[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@azoogleads[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@bluestreak[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@bs.serving-sys[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@burstnet[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@casalemedia[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@date.ventivmedia[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@doubleclick[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@drivecleaner[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@drivecleaner[3].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@eas.apm.emediate[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@edge.ru4[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@eliteflyers[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@fastclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@freshpornmovieshere[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@go.drivecleaner[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@go.drivecleaner[3].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@go.winantivirus[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@go.winantivirus[3].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@gostats[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@h.starware[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@i.screensavers[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@icc.intellisrv[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@imrworldwide[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@interclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@linkto.mediafire[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@media.hotels[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@media.wii.ign[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@mediafire[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@mediaplex[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@mygraffixxx[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@nextag[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@optimize.indieclick[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@partner2profit[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@precisionclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@qnsr[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@questionmarket[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@realmedia[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@revsci[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@richmedia.yahoo[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@screensavers[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@serving-sys[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@sitestat.mayoclinic[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@spamblockerutility[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@specificclick[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@stats.drivecleaner[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@stats.privacyprotector[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@stats1.reliablestats[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@track.searchignite[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@tracking.foxnews[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@trafficmp[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@tribalfusion[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@try.screensavers[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@try.starware[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@try.starware[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@vhost.oddcast[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@winantivirus[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@www.drivecleaner[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@www.googleadservices[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@www.googleadservices[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@www.googleadservices[3].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@www.ticketsnow[2].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@www7.addfreestats[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@xiti[1].txt
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Cookies\Low\alberto@zedo[1].txt
Trojan.Security Toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url
C:\Users\Public\Desktop\Security Troubleshooting.url
C:\Users\Public\Desktop\Online Security Guide.url
Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Access\iesmn.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\explorer\run#rare [ C:\Program Files\Video ActiveX Access\imsmain.exe ]
Malware.SpyLocked
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Windows Safety Alert
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Windows Safety Alert#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Windows Safety Alert#UninstallString
C:\USERS\ALBERTO\APPDATA\LOCAL\TEMP\BRF2E7.EXE
C:\Windows\Prefetch\BRF2E7.EXE-B48FD433.pf
Trojan.Unknown Origin
C:\USERS\ALBERTO\APPDATA\LOCAL\TEMP\LAFE789.TMP
C:\Windows\Prefetch\LAFE789.TMP-EE40A73E.pf
Browser Hijacker.Favorites
C:\USERS\ALBERTO\FAVORITES\ONLINE SECURITY TEST.URL
C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\ONLINE SECURITY GUIDE.URL
C:\USERS\ALL USERS\MICROSOFT\WINDOWS\START MENU\SECURITY TROUBLESHOOTING.URL
Reply With Quote
  #6  
Old July 1st, 2007, 07:54 AM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
Silent Runners log (pt 1).

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows Vista RC1
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]
"WindowsWelcomeCenter" = "rundll32.exe oobefldr.dll,ShowWelcomeCenter" [MS]
"DellSupport" = ""C:\Program Files\DellSupport\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]
"Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"AOL Fast Start" = ""C:\Program Files\AOL 9.0b\AOL.EXE" -b" ["AOL, LLC."]
"SystemDoctor Free" = "(empty string)" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]
"SigmatelSysTrayApp" = "sttray.exe" ["SigmaTel, Inc."]
"IAAnotif" = ""C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"" ["Intel Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"(Default)" = "(empty string)" [file not found]
"CCUTRAYICON" = "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" ["Intel(R) Corporation"]
"NMSSupport" = ""C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup" ["Intel Corporation"]
"MskAgentexe" = "C:\Program Files\McAfee\MSK\MskAgent.exe" ["McAfee Inc."]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"ECenter" = "c:\dell\E-Center\EULALauncher.exe" [null data]
"HostManager" = "C:\Program Files\Common Files\AOL\1179273726\ee\AOLSoftware.exe" ["America Online, Inc."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"USDR6cw" = "C:\Program Files\Common Files\SystemDoctor\USDR6cw.exe -c" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "c:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
-> {HKLM...CLSID} = "scriptproxy"
\InProcServer32\(Default) = "c:\program files\mcafee\virusscan\scriptcl.dll" ["McAfee, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = "Browser Address Error Redirector"
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "C:\Program Files\BAE\BAE.dll" ["Dell Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{E7DE9B1A-7533-4556-9484-B26FB486475E}" = (no title provided)
-> {HKLM...CLSID} = "Network Map"
\InProcServer32\(Default) = "C:\Windows\system32\shdocvw.dll" [MS]
"{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486}" = "IGD Property Sheet Handler"
-> {HKLM...CLSID} = "IGD Property Page"
\InProcServer32\(Default) = "C:\Windows\System32\icsigd.dll" [MS]
"{8856f961-340a-11d0-a96b-00c04fd705a2}" = "Microsoft Web Browser"
-> {HKLM...CLSID} = "Microsoft Web Browser"
\InProcServer32\(Default) = "C:\Windows\system32\ieframe.dll" [MS]
"{3050f3d9-98b5-11cf-bb82-00aa00bdce0b}" = "MSHTML Document"
-> {HKLM...CLSID} = "MHTML Document"
\InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]
"{25336920-03f9-11cf-8fd0-00aa00686f13}" = "HTML Document"
-> {HKLM...CLSID} = "HTML Document"
\InProcServer32\(Default) = "C:\Windows\system32\mshtml.dll" [MS]
"{00020d75-0000-0000-c000-000000000046}" = "lnkfile"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\MLSHEXT.DLL" [MS]
"{74246bfc-4c96-11d0-abef-0020af6b0b7a}" = "Device Manager"
-> {HKLM...CLSID} = "Device Manager"
\InProcServer32\(Default) = "C:\Windows\System32\devmgr.dll" [MS]
"{44f3dab6-4392-4186-bb7b-6282ccb7a9f6}" = "MyDocuments menu and properties"
-> {HKLM...CLSID} = "MyDocuments menu and properties"
\InProcServer32\(Default) = "C:\Windows\system32\mydocs.dll" [MS]
"{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}" = "Common Places Folder"
-> {HKLM...CLSID} = "Common Places FS Folder"
\InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]
"{865e5e76-ad83-4dca-a109-50dc2113ce9a}" = "Programs Folder and Fast Items"
-> {HKLM...CLSID} = "Programs Folder and Fast Items"
\InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]
"{21ec2020-3aea-1069-a2dd-08002b30309d}" = "Control Panel"
-> {HKLM...CLSID} = "Control Panel"
\InProcServer32\(Default) = "shell32.dll" [MS]
"{25585dc7-4da0-438d-ad04-e42c8d2d64b9}" = "Client application shell extension"
-> {HKLM...CLSID} = "Client application shell extension"
\InProcServer32\(Default) = "C:\Windows\system32\shell32.dll" [MS]
"{4d5c8c2a-d075-11d0-b416-00c04fb90376}" = "Microsoft CommBand"
-> {HKLM...CLSID} = "Microsoft CommBand"
\InProcServer32\(Default) = "C:\Windows\system32\browseui.dll" [MS]
"{92337A8C-E11D-11D0-BE48-00C04FC30DF6}" = "OlePrn.PrinterURL"
-> {HKLM...CLSID} = "prturl Class"
\InProcServer32\(Default) = "C:\Windows\system32\oleprn.dll" [MS]
"{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" = "group_wab_auto_file"
-> {HKLM...CLSID} = ".group shell context menu"
\InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]
"{CF67796C-F57F-45F8-92FB-AD698826C602}" = "contact_wab_auto_file"
-> {HKLM...CLSID} = ".contact shell context menu"
\InProcServer32\(Default) = "C:\Program Files\Common Files\System\wab32.dll" [MS]
"{90b9bce2-b6db-4fd3-8451-35917ea1081b}" = "Search Execute Command"
-> {HKLM...CLSID} = "CLSID_SearchExecute"
\InProcServer32\(Default) = "ExplorerFrame.dll" [MS]
"{1a184871-359e-4f67-aad9-5b9905d62232}" = "Microsoft Windows Font File Context Menu Handler"
-> {HKLM...CLSID} = "Microsoft Windows Font Context Menu Handler"
\InProcServer32\(Default) = "fontext.dll" [MS]
"{8a7cae0e-5951-49cb-bf20-ab3fa1e44b01}" = "Microsoft Windows Font Previewer"
-> {HKLM...CLSID} = "Microsoft Windows Font Preview Handler"
\InProcServer32\(Default) = "fontext.dll" [MS]
"{BC65FB43-1958-4349-971A-210290480130}" = "Network Explorer Property Sheet Handler"
-> {HKLM...CLSID} = "Ncd Property Page"
\InProcServer32\(Default) = "C:\Windows\System32\NcdProp.dll" [MS]
"{0a4286ea-e355-44fb-8086-af3df7645bd9}" = "Windows Media Player"
-> {HKLM...CLSID} = "&Windows Media Player"
\InProcServer32\(Default) = "C:\PROGRA~1\WI4EB4~1\wmpband.dll" [MS]
"{BB6B2374-3D79-41DB-87F4-896C91846510}" = "EMDFileProperties"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "emdmgmt.dll" [MS]
"{7A0F6AB7-ED84-46B6-B47E-02AA159A152B}" = "Sync Center Simple Conflict Presenter"
-> {HKLM...CLSID} = "Simple Conflict Presenter"
\InProcServer32\(Default) = "C:\Windows\System32\SyncCenter.dll" [MS]
"{BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}" = (no title provided)
-> {HKLM...CLSID} = "Windows Anytime Upgrade"
\InProcServer32\(Default) = "C:\Windows\System32\shdocvw.dll" [MS]
"{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}" = "PhotoAcqDropTarget"
-> {HKLM...CLSID} = "PhotoAcqDropTarget"
\InProcServer32\(Default) = "C:\Program Files\Windows Photo Gallery\PhotoAcq.dll" [MS]
"{91ADC906-6722-4B05-A12B-471ADDCCE132}" = "Touch Band"
-> {HKLM...CLSID} = "Touch Pointer"
\InProcServer32\(Default) = "C:\Windows\System32\TouchX.dll" [MS]
"{7D4734E6-047E-41e2-AEAA-E763B4739DC4}" = "Windows Media Player Play as Playlist Context Menu Handler"
-> {HKLM...CLSID} = "WMP Play Folder As Playlist Launcher"
\InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]
"{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A}" = "GameUX.RichGameMediaThumbnail"
-> {HKLM...CLSID} = "RichGameMediaThumbnail Class"
\InProcServer32\(Default) = "C:\Windows\System32\gameux.dll" [MS]
"{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" = "Tablet PC Input Panel"
-> {HKLM...CLSID} = "Tablet PC Input Panel"
\InProcServer32\(Default) = "C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll" [MS]
"{6b9228da-9c15-419e-856c-19e768a13bdc}" = "Windows gadget DropTarget"
-> {HKLM...CLSID} = "Windows gadget DropTarget"
\InProcServer32\(Default) = "C:\Program Files\Windows Sidebar\sbdrop.dll" [MS]
"{8A734961-C4AA-4741-AC1E-791ACEBF5B39}" = "Windows Media Player Shop Music Context Menu Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Windows\system32\wmpshell.dll" [MS]
"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" [file not found]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SASSEH.DLL" ["SuperAdBlocker.com"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]
HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
-> {HKLM...CLSID} = "McVSRightclickScanner Class"
\InProcServer32\(Default) = "c:\program files\mcafee\virusscan\mcodsax.dll" ["McAfee, Inc."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "Yahoo! Mail Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YMMAPI.dll" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"
-> {HKLM...CLSID} = "McVSRightclickScanner Class"
\InProcServer32\(Default) = "c:\program files\mcafee\virusscan\mcodsax.dll" ["McAfee, Inc."]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) hex:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Conrol: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) hex:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\web\wallpaper\Dellwall1.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "c:\windows\web\wallpaper\Dellwall1.jpg"
Reply With Quote
  #7  
Old July 1st, 2007, 07:56 AM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
Silent Runners log (pt 2).

Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]

Startup items in "Alberto" & "All Users" startup folders:
---------------------------------------------------------
C:\Users\Alberto\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup
"LimeWire On Startup" -> shortcut to: "C:\Program Files\LimeWire\LimeWire.exe -startup" ["Lime Wire, LLC"]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["Avanquest Software "]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 18

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]

HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 2 domain names to IP addresses,
1 of the IP addresses is *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# #, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
DQLWinService, DQLWinService, ""C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe"" [null data]
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Intel(R) Alert Service, AlertService, ""C:\Program Files\Intel\IntelDH\CCU\AlertService.exe"" ["Intel(R) Corporation"]
Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe" ["Intel Corporation"]
IP Helper, iphlpsvc, "C:\Windows\System32\svchost.exe -k NetSvcs" {(missing data)}
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]
McAfee Network Agent, McNASvc, ""c:\program files\common files\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]
McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]
McAfee Privacy Service, MPS9, "C:\PROGRA~1\McAfee\MPS\mps.exe" ["McAfee, Inc."]
McAfee Protection Manager, mcpromgr, "C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]
McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.e xe" ["McAfee, Inc."]
McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]
McAfee Redirector Service, McRedirector, "c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe " ["McAfee, Inc."]
McAfee Scanner, McODS, "C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."]
McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]
McAfee SpamKiller Service, MSK80Service, ""C:\Program Files\McAfee\MSK\MskSrver.exe"" ["McAfee Inc."]
McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]
Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Network Store Interface Service, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {(missing data)}
Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Roxio Hard Drive Watcher 9, RoxWatch9, ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"" ["Sonic Solutions"]
RoxMediaDB9, RoxMediaDB9, ""C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"" ["Sonic Solutions"]
SigmaTel Audio Service, STacSV, "C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe" ["SigmaTel, Inc."]
TCP/IP NetBIOS Helper, lmhosts, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {(missing data)}
UPnP Device Host, upnphost, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\System32\upnphost.dll" [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Event Log, Eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {(missing data)}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS]
XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monito rs\
PCL hpz3llhn\Driver = "hpz3llhn.dll" ["Hewlett-Packard Company"]

----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 74 seconds, including 18 seconds for message boxes)
Reply With Quote
  #8  
Old July 1st, 2007, 07:58 AM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
HijackThis log.

I take back my comment on three seperate posts. My Silent Runners log ran about 2,700+ characters. I tried to squeeze my HijackThis log in with the second part of the Silent Runners post, but that was in the area of 2,100 characters. Here is my recent HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:33:09 AM, on 7/1/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\aol\1179273726\ee\aolsoftware.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Alberto\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1179273726\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [USDR6cw] C:\Program Files\Common Files\SystemDoctor\USDR6cw.exe -c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0b\AOL.EXE" -b
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Reply With Quote
  #9  
Old July 1st, 2007, 09:33 AM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
Ok. To end, delete this folder in bold :

C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS

And let me know how is running the computer.
Reply With Quote
  #10  
Old July 4th, 2007, 05:57 AM
EmanResu EmanResu is offline
Member
 
Join Date: Apr 2004
Posts: 51
Hello again, Acrobaze.

I did as you advised me and everything seems to be running like new again. Cybertechhelp comes to the rescue again! Before I got Windows Vista, a friend told me that one of the disadvantages is that it is not backwards compatible with some features from previous software and software in general. It seems as though malicious software is an exception...especially when teenage sisters use the one household computer, then their friends use it, then their friends use it, etc.

Before I bring this topic to a close, I was curious as to if the entries in my HijackThis log, that read (file missing), are harmless? I would guess so since I have not seen any symptoms that my computer is acting differently. However, do I leave them as is?

Thank you both for your help. If you live in the U.S., I wish you a safe and happy 4th of July.
Reply With Quote
  #11  
Old July 4th, 2007, 08:54 PM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
In fact, we can't trust in this "file missing". It is effective only for the O2 lines : the BHO. But for example for the O23 lines, the services, HijackThis can report a "file missing" only if it is not able to find the file.
So, if it is a legit entry, it is better to let it as it is.

You can run a scan with HijackThis and tick :

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click "Fix checked" and close HijackThis.

Happy surfing, EmanResu !
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Windows Explorer Has Stopped Working kuzzz Windows Vista 7 June 17th, 2012 01:58 AM
Windows Explorer has stopped working mjb71 Windows Vista 1 February 12th, 2009 03:35 AM
Windows Explorer has stopped working... Michaelc Windows Vista 16 December 12th, 2007 10:53 PM
Windows Explorer has stopped working bcmarz Windows Vista 3 November 19th, 2007 08:08 PM
WIndows Explorer has stopped working Ishq Windows Vista 3 August 11th, 2007 07:39 AM


All times are GMT +1. The time now is 08:17 PM.