HELP - Something's hijacked the pc (ultimate cleaner 2007?)
It's never easy! lol
Doing the above now - thanks so much for your help
I upgraded to IE7 and then went back as I couldn't get used to it. Should I just suck it up and change to IE7?
Love MSE, Las Vegas and chocolate!
1st part done and here's the log. I've checked so all hidden files shown etc as advised, run search of C & D drives as I have 2 hard drives, I'm sure you can see from the logs. The file isn't found (ran search via start and search)....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:57, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiny.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Norton] C:\Program Files\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FHM - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} -\Program Files\FHM\GameClient.exe (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 9466 bytes
Love MSE, Las Vegas and chocolate!
That's looking much better. Considering ComboFix removed quite a bit on its second sweep, please indulge my curiosity by running it a third time. I'll add that disabled rogue startup entry to the fix first though so please follow the next set of instructions:
Open notepad (Start > Run and type notepad) and copy/paste the text in the code box below to it:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zojypku]
Save this as "CFScript"
Referring to the picture above, drag CFScript into ComboFix.exe
Run ComboFix again and post the resultant log file please.
You may also like to get a second opinion at this stage from another anti-virus program. One of my favourites for times like this is DrWeb which is an on-demand scanner that doesn't need to be installed. Just download and run from the desktop.
Download Dr.Web CureIt to your desktop:
- Double-click the drweb-cureit.exe file and allow it to run the express scan.
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, select the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow > to the right and the scan will begin.
- At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, click the "Select all/select none" toggle button (if available) next to the files found:
- Then click the green cup icon right below and select Move incurable as you'll see in next image:
This will move any infected files that can't be cured to the %userprofile%\DoctorWeb\quarantaine-folder (in case we need samples).
- Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
- Save the report to your desktop.
- Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.
- After the restart, post the contents of the Dr.Web log file.
ps: There's no need to pm me every time you make a reply. I've subscribed to this topic via email alert.
You're a star. Here's the combofix log.
ComboFix 07-08-09.3 - "Home" 2007-08-13 8:23:57.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.627 [GMT 1:00]
Command switches used :: C:\Documents and Settings\Home\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))
2007-08-12 22:12 <DIR> d C:\Program Files\Trend Micro
2007-08-12 21:47 51,200 --a C:\WINDOWS\nircmd.exe
2007-08-12 21:27 <DIR> d C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-08-12 21:17 626,688 --a C:\WINDOWS\system32\msvcr80.dll
2007-07-31 07:56 22,112 -ra C:\WINDOWS\system32\drivers\COH_Mon.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-12 23:49 12 --a C:\WINDOWS\bthservsdp.dat
2007-05-16 16:12 86528 C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-11 20:02 19784 --a C:\DOCUME~1\Home\APPLIC~1\GDIPFONTCACHEV1.DAT
2004-06-18 10:05 45056 --a C:\WINDOWS\inf\Slntinst.exe
2003-08-22 10:09 45056 --a C:\WINDOWS\inf\slntinst_staticW2k.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 08:34 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-10 13:25]
"SupaDial"="C:\Program Files\SupaDial\SupaDial.exe" []
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 10:29]
"nwiz"="nwiz.exe" [2004-03-03 10:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-03 10:29]
"CARPService"="carpserv.exe" [2003-06-11 11:54 C:\WINDOWS\system32\carpserv.exe]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2004-05-11 23:20]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17]
"Norton"="C:\Program Files\ASUS\WLAN Card Utilities\NorExec.exe" [2004-02-24 21:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-06 10:24]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 C:\WINDOWS\system32\BTSetBootKey.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:56 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"Motive SmartBridge"="C:\PROGRA~1\BTBROA~1\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 18:52]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 01:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-12 22:06]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
c:\windows\system32\sbijsnu.exe
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
R3 Tunx00;FunTV Video Capture;C:\WINDOWS\system32\DRIVERS\Tunx00.sys
R3 TxTuner;FunTV TV Tuner;C:\WINDOWS\system32\DRIVERS\TxTuner.sys
R3 USB_RNDIS;USB Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\WINDOWS\system32\DRIVERS\bthmodem.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\Home\LOCALS~1\Temp\jfdcd.sys
S3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
*Newly Created Service* - ASNDIS5
*Newly Created Service* - COMHOST
Contents of the 'Scheduled Tasks' folder
2007-06-01 19:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Home.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 08:25:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-13 8:25:37
C:\ComboFix-quarantined-files.txt ... 2007-08-13 08:25
C:\ComboFix3.txt ... 2007-08-12 21:50
C:\ComboFix2.txt ... 2007-08-12 22:59
--- E O F ---
Love MSE, Las Vegas and chocolate!
ComboFix is clean now. I'll await the DrWeb results and get back to you tonight.
Thanks Dr Web is running now. I really appreciate your help. Can't say thank you enough.... PS - It's found 6 items already :eek:
Dr Web
AdAware SE.exe;D:\AdAware SE Installer and Updates;Trojan.DownLoader.2667;Incurable.Moved.;
Spybot - Search & Destroy 1.3.exe;D:\Program Files\SpyBot;Trojan.DownLoader.2667;Incurable.Moved.;
Spywall Installer.exe;D:\Program Files\SpyBot;Trojan.DownLoader.2667;Incurable.Moved.;
A0069254.exe;D:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP684;Trojan.DownLoader.2667;Incurable.Moved.;
A0069255.exe;D:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP684;Trojan.DownLoader.2667;Incurable.Moved.;
A0069256.exe;D:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP684;Trojan.DownLoader.2667;Incurable.Moved.;
pskill.exe;C:\WINDOWS\Motive\btbb;Program.PsKill.101;Incurable.Moved.;
Love MSE, Las Vegas and chocolate!
You're looking pretty clean now. Just infected System Restore points which pose no threat unless you use them to roll back your system to an earlier time. Flushing the Restore Points will remove this minor threat.
Keep an eye on it for a few days with regular scans. If everything still appears normal, follow these simple steps to keep yourself safe and secure in the future.
Re-Hide your System Files
Please rehide your hidden system files and folders by reversing the steps here.
Keep Sun Java Updated
There are numerous infections which take advantage of exploits present in older Sun Java installations. Ensure you are running the latest version by reading this.
Disable and Re-enable System Restore to Flush Infected Restore Points
Disable and re-enable System Restore to ensure there are no infected files found in your restore points.
Click Start > Right click My Computer> Properties> System Restore and place a check next to the "Turn off System Restore" box.
Restart the machine to flush the restore points and then re-enable System Restore by removing the check from the "Turn off System Restore" box.
Then go to Start> All Programs> Accessories> System Tools> System Restore and create a new Restore Point.
Protect Yourself in the Future!!
Click on the following tutorial and follow each step listed there:
How can I protect myself on the Internet?
And finally...Fancy joining the crusade against malware??
Click here for details on where to get free anti-malware training!!
Safe Surfing
AS
Oh and before I forget, you need to bite the bullet and get used to IE7. Staying with IE6 is leaving you open to exploits like you've just experienced.
Hello,
I have the exact same problem as mookybargirl: the red desktop, the three shortcuts, the popups and the wrong homepage. I wasn't sure if I should do exactly what you told her so I thought I'd ask you first. Here is the combofix log:
ComboFix 07-08-14.4 - "Krista" 2007-08-18 23:30:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Krista\APPLIC~1.\Starware316
C:\DOCUME~1\Krista\APPLIC~1.\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Krista\APPLIC~1.\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\Krista\APPLIC~1\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\Krista\APPLIC~1\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\Krista\Desktop.\Spyware&Malware Protection.url
C:\DOCUME~1\Krista\Desktop\Error Cleaner.url
C:\DOCUME~1\Krista\Desktop\Privacy Protector.url
C:\DOCUME~1\Krista\FAVORI~1.\Error Cleaner.url
C:\DOCUME~1\Krista\FAVORI~1.\Privacy Protector.url
C:\DOCUME~1\Krista\FAVORI~1.\Spyware&Malware Protection.url
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\WINDOWS\dat.txt
C:\WINDOWS\duocore.dll
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\wmpconf.dll
C:\WINDOWS\wmpenv.dll
((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))
2007-08-18 23:26 <DIR> d C:\Program Files\Trend Micro
2007-08-18 23:25 51,200 --a C:\WINDOWS\nircmd.exe
2007-08-18 22:54 <DIR> d C:\Program Files\XoftSpySE
2007-08-18 00:23 <DIR> d C:\Program Files\RegCure
2007-08-17 23:48 158,752 --a C:\DOCUME~1\Krista\APPLIC~1\installer_en[1].exe
2007-08-17 23:32 <DIR> d C:\Program Files\Alice Greenfingers
2007-08-17 03:36 <DIR> d C:\Program Files\Burger Rush
2007-08-17 03:34 <DIR> d C:\Program Files\Games
2007-08-16 21:02 <DIR> d C:\DOCUME~1\Krista\APPLIC~1\Mysteryville2
2007-08-16 19:58 <DIR> d C:\Program Files\RSVP
2007-08-16 19:57 <DIR> d C:\Program Files\Mysteryville 2
2007-08-15 19:18 <DIR> d C:\Program Files\Cake Mania
2007-08-15 19:10 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-08-15 19:07 <DIR> d C:\Program Files\CakeMania_at
2007-08-15 19:02 <DIR> d C:\Program Files\bfgclient
2007-08-15 19:02 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-08-14 17:45 2,560 --a C:\WINDOWS\_MSRSTRT.EXE
2007-08-14 17:23 <DIR> d C:\Program Files\Birdies_at
2007-08-14 03:37 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-13 15:33 <DIR> d C:\Program Files\GamesCafe.com
2007-08-11 21:29 <DIR> d C:\DOCUME~1\Krista\APPLIC~1\Pogo Games
2007-08-11 18:55 <DIR> d C:\Program Files\Sallys Salon
2007-08-02 01:51 <DIR> d C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
2007-08-02 01:32 53,248 --a C:\WINDOWS\system32\Process.exe
2007-08-02 01:32 51,200 --a C:\WINDOWS\system32\dumphive.exe
2007-08-02 01:32 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
2007-08-01 22:04 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-01 21:37 <DIR> d C:\WINDOWS\McAfee.com
2007-08-01 21:25 <DIR> d C:\Program Files\PCPitstop
2007-08-01 21:04 3,072 --a C:\WINDOWS\system32\tmp.reg
2007-07-31 01:52 <DIR> d C:\Program Files\Emerald Tale
2007-07-27 05:17 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-07-27 05:09 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friday's games
2007-07-27 04:32 <DIR> d C:\DOCUME~1\Krista\APPLIC~1\My Games
2007-07-27 02:24 <DIR> d C:\Program Files\DinerDashFloontheGo_at
2007-07-26 23:39 73,216 --a C:\WINDOWS\ST6UNST.EXE
2007-07-26 15:28 <DIR> d C:\DOCUME~1\Chris\APPLIC~1\Yahoo!
2007-07-26 15:24 <DIR> d C:\DOCUME~1\Krista\APPLIC~1\Yahoo!
2007-07-26 04:14 <DIR> d C:\DOCUME~1\Krista\APPLIC~1\Big Fish Games
2007-07-25 23:25 <DIR> d C:\Program Files\Yahoo! Games
2007-07-25 23:25 <DIR> d C:\DOCUME~1\Krista\APPLIC~1\GetRightToGo
2007-07-25 23:24 <DIR> d C:\Program Files\Yahoo!
2007-07-25 23:24 <DIR> d C:\My Games
2007-07-25 01:48 <DIR> d C:\Program Files\Cute Knight
2007-07-25 01:47 <DIR> d C:\Program Files\Alawar
2007-07-23 18:38 879,832 --a C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-23 18:38 108,360 --a C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-22 06:40 <DIR> d C:\Program Files\MIT Media Lab
2007-07-18 12:11 4,096 --a C:\WINDOWS\system32\sysres.dll
2007-07-18 12:11 38,567 --a C:\WINDOWS\system32\pcpbios.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 23:40 d C:\Program Files\lg_fwupdate
2007-08-17 23:35 d C:\DOCUME~1\Krista\APPLIC~1\PlayFirst
2007-08-17 23:34 d C:\Program Files\PlayFirst
2007-08-17 03:35 d C:\Program Files\Shockwave.com
2007-08-17 03:33 d C:\Program Files\Common Files\Real
2007-08-17 02:15 d C:\Program Files\GameHouse
2007-08-17 02:12 d C:\Program Files\MonopolyHereNowEdition_at
2007-08-17 01:01 d C:\Program Files\LimeWire
2007-08-09 23:54 d C:\Program Files\Oberon Media
2007-08-04 11:37 d C:\Program Files\Merriam Websters Spell Jam
2007-08-02 01:22 d C:\Program Files\Google
2007-07-27 02:29 d C:\Program Files\MSN Messenger
2007-07-25 23:18 d C:\Program Files\Ice Cream Tycoon
2007-07-25 23:14 d C:\DOCUME~1\Krista\APPLIC~1\DiVision Studios - Escaping Atlantis
2007-07-25 04:57 d C:\Program Files\Arcade Lab
2007-07-25 04:50 d C:\Program Files\Family Feud II
2007-07-18 23:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 03:51 d C:\Program Files\Real
2007-07-14 02:42 d C:\Program Files\The Apprentice Los Angeles
2007-07-14 02:12 d C:\Program Files\The Apprentice
2007-07-12 20:10 d C:\Program Files\Bookworm Adventures Deluxe
2007-07-12 16:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 06:05 d C:\Program Files\Best Gift
2007-07-12 06:02 d C:\Program Files\Holiday Express
2007-07-12 05:44 d C:\Program Files\Word Krispies
2007-07-12 05:37 d C:\Program Files\Tropix
2007-07-12 05:36 d C:\Program Files\Delicious Deluxe
2007-07-12 04:39 d C:\Program Files\Cash Cow
2007-07-12 02:52 d C:\Program Files\Peggle Deluxe
2007-07-12 00:29 d C:\Program Files\Bookworm Deluxe
2007-07-12 00:07 d C:\DOCUME~1\Krista\APPLIC~1\Alawar
2007-07-11 23:52 d C:\Program Files\Roller Rush
2007-07-11 21:58 d C:\DOCUME~1\Krista\APPLIC~1\Canon
2007-07-10 22:35 d C:\DOCUME~1\Krista\APPLIC~1\AdobeUM
2007-07-10 05:59 d C:\Program Files\Teddy Factory
2007-07-10 03:51 d C:\Program Files\Believe In Santa
2007-07-10 00:25 d C:\DOCUME~1\Krista\APPLIC~1\Zylom
2007-07-06 21:56 d C:\Program Files\iWin.com
2007-07-06 03:59 d C:\DOCUME~1\Krista\APPLIC~1\Gamelab
2007-07-06 03:43 d C:\Program Files\DeliciousDeluxe_at
2007-07-05 21:45 d C:\Program Files\DinerDash_at
2007-07-05 18:37 d C:\Program Files\BellesBeautyBoutique_at
2007-07-04 06:18 d C:\Program Files\RollerRush_at
2007-07-04 06:17 d C:\Program Files\PuppyLuv_at
2007-07-04 06:17 d C:\Program Files\KittyLuv_at
2007-07-04 02:40 d C:\Program Files\PizzaPanic_at
2007-07-04 02:23 d C:\Program Files\DeliveryKing_at
2007-07-04 01:45 d C:\Program Files\PizzaFrenzy_at
2007-07-04 01:45 d C:\Program Files\NannyMania_at
2007-07-04 01:45 d C:\Program Files\BurgerIsland_at
2007-07-03 07:27 d C:\Program Files\DinerDash2_at
2007-07-03 01:53 d C:\DOCUME~1\Krista\APPLIC~1\ZangoToolbar
2007-07-03 01:50 d--h C:\Program Files\InstallShield Installation Information
2007-07-03 01:50 d C:\Program Files\Error Repair Professional
2007-07-02 07:01 d C:\DOCUME~1\Krista\APPLIC~1\iWin
2007-07-02 06:33 d C:\DOCUME~1\Krista\APPLIC~1\MysteryStudio
2007-07-02 05:52 d C:\DOCUME~1\Krista\APPLIC~1\Gaijin Ent
2007-06-29 04:54 d C:\DOCUME~1\Krista\APPLIC~1\GameHouse
2007-06-28 03:42 d C:\Program Files\FlipThatHouse
2007-06-28 02:57 d C:\DOCUME~1\Krista\APPLIC~1\SecondLife
2007-06-27 07:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 07:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 07:34 6058496 c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 07:34 52224 c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 07:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 07:34 459264 c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 07:34 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 07:34 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 07:34 383488 c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 07:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 07:34 267776 c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 07:34 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 07:34 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 07:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 07:34 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 07:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 07:34 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 07:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 07:34 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 07:34 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 01:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 01:27 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 01:27 13824 c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 00:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-25 23:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 23:08 1104896 --a C:\WINDOWS\system32\msxml3.dll
2007-06-25 05:52 d C:\DOCUME~1\Krista\APPLIC~1\EA
2007-06-24 02:19 d C:\Program Files\G.H.O.S.T. Hunters
2007-06-23 03:45 d C:\Program Files\Grimm's Hatchery
2007-06-23 03:04 d C:\Program Files\FastCrawl
2007-06-23 02:29 d C:\DOCUME~1\Krista\APPLIC~1\funkitron
2007-06-22 03:30 d C:\Program Files\Dream Vacation Solitaire
2007-06-22 03:07 d C:\Program Files\Profitville
2007-06-22 00:25 d C:\Program Files\Magic Match - The Genie's Journey
2007-06-20 03:46 d C:\DOCUME~1\Krista\APPLIC~1\SpinTop
2007-06-19 06:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 06:31 282112 --a C:\WINDOWS\system32\gdi32.dll
2007-06-17 20:11 802816 --a C:\WINDOWS\feedingfrenzy.scr
2007-06-13 03:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 03:23 1033216 --a C:\WINDOWS\explorer.exe
2006-09-07 07:55:01 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 01:04]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 11:43]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 10:23 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"CallControl 4.5"="C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2001-10-01 23:39]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 08:00]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 06:29]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 07:25]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 23:40]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-03 19:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-10 01:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 20:48]
"ErrorRepairPro"="C:\Program Files\Error Repair Professional\autostart.exe" []
"SecurePCCleaner"="C:\Program Files\SecurePCCleaner\GDC.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-01-29 19:19:39]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-01-29 19:19:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
S3 LPDSVC;TCP/IP Print Server;C:\WINDOWS\system32\tcpsvcs.exe
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
Contents of the 'Scheduled Tasks' folder
2007-07-27 13:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-19 06:38:45 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-18 07:23:32 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-19 06:38:46 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-19 05:55:01 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 23:39:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
And here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:30 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: [SecurePCCleaner] C:\Program Files\SecurePCCleaner\GDC.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZCxdm491MFCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5088/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9062 bytes
After it restarted I got two lil popup things that said this:
1. Cannot find 'file: ///C:/windows/privacy_danger/index.htm'. Make sure the path or internet address is correct. (This popped up about three times.)
2. Could not upgrade database. There may not be enough space on the drive or another program may be locking the database. Please free up disk space or try uninstalling and reinstalling Google Desktop. D 80070020 5.1.707.23222.
I don't know if they have anything to do with anything but I thought I would check just to be safe.
Please please help me fix this it's driving me crazy and I really need my computer in good shape for schooling. Thx!
This discussion has been closed.