I have something, but I don't know what.... HELP

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

I have something, but I don't know what.... HELP

Options

PMS View Member Profile	Jun 23 2008, 06:32 PM Post #1
Member Posts: 25 OS: xp	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:50:17 PM, on 6/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\vVX3000.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/ O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe -- End of file - 9926 bytes SUPERAntiSpyware Scan Log Generated 06/23/2008 at 02:48 PM Application Version : 3.6.1000 Core Rules Database Version : 3488 Trace Rules Database Version: 1479 Scan type : Quick Scan Total Scan Time : 00:24:06 Memory items scanned : 554 Memory threats detected : 0 Registry items scanned : 889 Registry threats detected : 13 File items scanned : 19456 File threats detected : 10 Trojan.Media-Codec/V3 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9} HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9} HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}#xxx HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32 HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32#ThreadingModel C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL Trojan.SmitFraud Variant HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{1559e6c1-7e5e-4461-9457-6a2dea85eb9f} HKCR\CLSID\{1559E6C1-7E5E-4461-9457-6A2DEA85EB9F} HKCR\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32 HKCR\CLSID\{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}\InProcServer32#ThreadingModel C:\WINDOWS\SYSTEM32\TITIAU.DLL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#eeler HKCR\CLSID\{1559E6C1-7E5E-4461-9457-6A2DEA85EB9F} Adware.Tracking Cookie C:\Documents and Settings\DA-LEO\cookies\da-leo@server.iad.liveperson[1].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@dynamic.media.adrevolver[1].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@mediaplex[1].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@statse.webtrendslive[2].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@server.iad.liveperson[3].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@media.adrevolver[2].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@adrevolver[1].txt C:\Documents and Settings\DA-LEO\cookies\da-leo@ad.yieldmanager[1].txt Trojan.Media-Codec/V4 HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#E404Helper [ {6919291c-0c39-40dc-b15e-261daed9ecba} ] Rogue.AntiVirus 2008 HKU\S-1-5-21-3407688628-393352913-2021196213-1006\Software\Microsoft\Windows\CurrentVersion\Run#Antivirus [ C:\Program Files\Antivirus2008\Antvrs.exe ] Malwarebytes' Anti-Malware 1.18 Database version: 883 1:57:03 PM 6/23/2008 mbam-log-6-23-2008 (13-56-18).txt Scan type: Quick Scan Objects scanned: 42545 Time elapsed: 8 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 91 Registry Values Infected: 6 Registry Data Items Infected: 13 Folders Infected: 13 Files Infected: 67 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\colorutility.colorutility (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\colorutility.colorutility.1 (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> No action taken. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3b4c621-6024-410b-9f0f-22cbd6981f5e} (Rogue.Multiple) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken. HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1985fce1-4043-4346-ae70-d0a0cd90bdd3} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf} (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ultra soft (Rogue.Multiple) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSpywareProtect (ver. 5.1) (Rogue.Installer) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{29c5a3b6-9a8d-4fa0-b5ad-3e20f4aa5c00} (Trojan.Zlob) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.0.370.0 (Adware.Zango) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146 85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B323AC1-B28B-4701-A9EE-09223F19D020}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AFAAB470-D980-4229-8680-9951D67C6A2F}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC144B83-2689-4854-B6EB-72B68109C977}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146 85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0B323AC1-B28B-4701-A9EE-09223F19D020}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AFAAB470-D980-4229-8680-9951D67C6A2F}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC144B83-2689-4854-B6EB-72B68109C977}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146 85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0B323AC1-B28B-4701-A9EE-09223F19D020}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{AFAAB470-D980-4229-8680-9951D67C6A2F}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{BC144B83-2689-4854-B6EB-72B68109C977}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.146,85.255.112.173 -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> No action taken. C:\Program Files\TrustedProtection (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\BASE (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\DELETED (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\SAVED (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken. C:\Program Files\ColorUtility (Trojan.BHO) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection\Logs (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\Antivirus (Rogue.Antivirus2008) -> No action taken. Files Infected: C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.Installer) -> No action taken. C:\Program Files\ColorUtility\ColorUtility.dll (Trojan.BHO) -> No action taken. C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> No action taken. C:\Documents and Settings\DA-LEO\Local Settings\Temp\nsj7C.tmp\InstallerHelperPlugin.dll (Adware.Shoper) -> No action taken. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> No action taken. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> No action taken. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> No action taken. C:\Program Files\TrustedProtection\history.db (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080531150352484.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080531185954203.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080601021431093.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080601104634859.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602202941375.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080605210207187.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080606181505953.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080606195032453.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080607215620671.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608114357046.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608131258359.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608191609265.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080609171636453.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080611221243218.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080612184804312.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080614234255468.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080615160755656.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080619234436460.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080620092158187.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080620125250546.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080622113719609.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080622181303296.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080622221208437.log (Rogue.MalWarrior) -> No action taken. C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080623095725078.log (Rogue.MalWarrior) -> No action taken. C:\Program Files\ColorUtility\uninstall.dat (Trojan.BHO) -> No action taken. C:\Program Files\ColorUtility\Uninstall.exe (Trojan.BHO) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection\avtasks.dat (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection\PGE.dat (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection\Logs\av.log (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection\Logs\ga6Support.log (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\TrustedProtection\Logs\update.log (Rogue.TrustedProtection) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\Antivirus\antvrs.exe (Rogue.Antivirus2008) -> No action taken. C:\WINDOWS\inf\ultra.inf (Malware.Trace) -> No action taken. C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\users_rating.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\spy_away_header_small.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\spy_away_header.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\spy_away_box_small.jpg (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\secuity_center_logo.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\protect.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\logo_bg.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\icon_warning.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\header_bg.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\features.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\download_btn.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\close_icon.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\buy_btn.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\arrow.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\alert_icon.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\5_stars.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\drivers\4_stars.gif (Malware.Trace) -> No action taken. C:\WINDOWS\system32\gtv_sd.bin (Malware.Trace) -> No action taken. C:\WINDOWS\system32\fuamfu32.ini (Malware.Trace) -> No action taken. C:\Documents and Settings\DA-LEO\Application Data\Install.dat (Trojan.Agent) -> No action taken.

Gravity Gripp View Member Profile	Jun 24 2008, 12:51 PM Post #2
Trusted Helper Posts: 1,785 From: /dev/null OS: Windows XP, OSX 10.5, Ubuntu 8.10	Hello PMS, Welcome to Geeks-To-Go. My name is Gravity Gripp and I'll be working with you on these issues. For now, I will be reviewing your log but will be responding back soon. Also, please note that I am still in training so there may be a slight delay in my responses because I will be working with an expert on this. I look forward to working with you

PMS View Member Profile	Jun 24 2008, 03:31 PM Post #3
Member Posts: 25 OS: xp	Thank you I appreciate your help

Gravity Gripp View Member Profile	Jun 25 2008, 08:03 AM Post #4
Trusted Helper Posts: 1,785 From: /dev/null OS: Windows XP, OSX 10.5, Ubuntu 8.10	PMS, Alright, lets get this thing started. Just follow my steps in order and we'll get you cleaned up. STEP ONE Download ComboFix from one of the locations below, and save it to your Desktop. Link 1 Link 2 Link 3 Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed. When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply Note: Do not mouseclick combofix's window while its running. That may cause it to stall

PMS View Member Profile	Jul 1 2008, 05:04 PM Post #5
Member Posts: 25 OS: xp	Combo Fix Log ComboFix 08-06-30.2 - DA-LEO 2008-07-01 18:43:38.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.232 [GMT -4:00] Running from: C:\Documents and Settings\DA-LEO\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\ORUN32.EXE C:\WINDOWS\system32\CMMGR32.EXE C:\WINDOWS\system32\kernel32.exe C:\WINDOWS\system32\zlib.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FOPF -------\Legacy_WINDOWS_MANAGEMENT_SERVICE ((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))) . 2008-06-29 17:07 . 2008-06-29 17:07 <DIR> d-------- C:\Documents and Settings\DA-LEO\Application Data\acccore 2008-06-29 17:05 . 2008-06-29 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore 2008-06-29 17:04 . 2008-06-29 17:06 <DIR> d-------- C:\Program Files\AIM6 2008-06-24 19:57 . 2008-06-30 21:01 671,382 --a------ C:\WINDOWS\webshots.bmp 2008-06-24 19:56 . 2008-06-24 19:56 1,548,846 --a------ C:\WINDOWS\US Army Special Forces.dat 2008-06-24 19:56 . 2008-06-24 19:56 466,944 --a------ C:\WINDOWS\US Army Special Forces.scr 2008-06-24 19:56 . 2008-06-24 19:56 180,224 --a------ C:\WINDOWS\UninstallWSST.exe 2008-06-24 19:56 . 2008-06-24 19:56 28,672 --a------ C:\WINDOWS\system32\ssconfig.exe 2008-06-24 19:56 . 2008-07-01 17:51 598 --a------ C:\WINDOWS\WSST_Screen_Saver.ini 2008-06-23 15:24 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-23 14:17 . 2008-06-23 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-06-23 14:16 . 2008-06-23 15:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-06-23 14:16 . 2008-06-23 14:16 <DIR> d-------- C:\Documents and Settings\DA-LEO\Application Data\SUPERAntiSpyware.com 2008-06-23 13:16 . 2008-06-23 13:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-23 13:16 . 2008-06-23 13:16 <DIR> d-------- C:\Documents and Settings\DA-LEO\Application Data\Malwarebytes 2008-06-23 13:16 . 2008-06-23 13:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-23 13:16 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-23 13:16 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-23 13:15 . 2008-06-23 13:15 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-06-23 12:58 . 2008-06-23 12:58 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-22 18:46 . 2008-06-23 18:06 <DIR> d-------- C:\Documents and Settings\DA-LEO\.housecall6.6 2008-06-06 18:56 . 2008-06-06 18:56 <DIR> d-------- C:\Program Files\Alwil Software 2008-06-05 17:17 . 2008-06-05 17:17 0 --a------ C:\LOG88.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-29 21:06 --------- d-----w C:\Program Files\Viewpoint 2008-06-29 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-06-29 21:05 --------- d-----w C:\Program Files\Common Files\AOL 2008-06-29 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2008-06-23 18:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-23 13:51 --------- d-----w C:\Program Files\Google 2008-06-23 02:16 --------- d-----w C:\Program Files\MySpace 2008-06-23 02:10 --------- d-----w C:\Program Files\Dell 2008-06-23 02:07 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-06-23 02:04 --------- d--h--r C:\Documents and Settings\DA-LEO\Application Data\yahoo! 2008-06-23 02:04 --------- d-----w C:\Program Files\Yahoo! 2008-06-23 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo! 2008-06-23 01:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-23 01:50 --------- d-----w C:\Program Files\MSN Messenger 2008-06-23 01:50 --------- d-----w C:\Program Files\Kiwee Toolbar2 2008-06-23 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-06-05 21:21 --------- d-----w C:\Documents and Settings\DA-LEO\Application Data\U3 2008-05-23 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-05-23 02:28 --------- d-----w C:\Documents and Settings\DA-LEO\Application Data\CyberLink 2008-05-23 02:24 --------- d-----w C:\Program Files\Common Files\CyberLink 2008-05-23 02:22 --------- d-----w C:\Program Files\CyberLink 2008-05-23 01:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-05-23 00:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-05-23 00:07 --------- d-----w C:\Documents and Settings\DA-LEO\Application Data\DAEMON Tools 2008-05-11 18:09 --------- d-----w C:\Program Files\Common Files\PestPatrol 2008-05-11 18:02 --------- d-----w C:\Program Files\Common Files\Command Software 2008-05-11 18:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Freedom 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2007-06-17 01:31 56 --sh--r C:\WINDOWS\system32\17BD09A83C.sys . ------- Sigcheck ------- 2004-08-04 06:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe 2004-08-04 06:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe 2004-08-04 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll 2004-08-04 06:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll 2004-08-04 06:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe 2004-08-04 06:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe 2004-08-04 06:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys 2004-08-04 06:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys 2004-08-04 06:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys 2004-08-04 06:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys 2004-08-04 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe 2004-08-04 06:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe 2004-08-04 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe 2004-08-04 06:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe 2004-08-04 06:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe 2004-08-04 06:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-23 15:15 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 14:46 8192] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-15 21:06 282624] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 19:38 707360] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 21:48 275800] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 10:51 49152] "RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240] "PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472] "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-04-21 10:22 91432] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-23 15:15 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-06-23 15:15 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\att-nap\\McciBrowser.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1700:TCP"= 1700:TCP:MioNet Remote Drive Access "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24] R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-01-28 16:56] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 18:13] R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 19:28] S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-01-28 16:56] S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [] S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-01-28 16:56] S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [] . Contents of the 'Scheduled Tasks' folder "2008-06-27 15:23:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-10-07 20:05:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job" - D:\setup.exe . - - - - ORPHANS REMOVED - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-Aim6 - (no file) ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 18:51:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe . ************************************************************************ . Completion time: 2008-07-01 18:55:54 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-01 22:55:48 Pre-Run: 18,727,211,008 bytes free Post-Run: 18,745,229,312 bytes free 199 --- E O F --- 2008-06-24 14:21:06 Hijack This Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:03:07 PM, on 7/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\WINDOWS\vVX3000.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/ O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9429 bytes

Gravity Gripp View Member Profile	Jul 2 2008, 12:19 PM Post #6
Trusted Helper Posts: 1,785 From: /dev/null OS: Windows XP, OSX 10.5, Ubuntu 8.10	PMS, a few more steps here. STEP ONE Jotti File Submission: Please go to Jotti's malware scan Copy and paste the following file path into the "File to upload & scan"box on the top of the page: C:\WINDOWS\system32\17BD09A83C.sys Click on the submit button Please post the results in your next reply. STEP TWO Please do an online scan with Kaspersky WebScanner Click on Accept You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan:[list]Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: STEP THREE Now, I'd like you to do another scan with SUPERAntiSpyware Double-click SUPERAntiSpyware.exe. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "*Configuration and Preferences", click the Preferences* button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked):[list] Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "*Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. In your next reply, please include the following logs: Jotti Log Kaspersky Log SuperAntiSpyware Log

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Something added to my sys, but don't know what [RESOLVED] 12	16 / 3,542	17th August 2005 - 06:17 AM clint48 started - last by Buckeye_Sam
Virus, Spyware and Trojan Removal Something's wrong, but I don't know what...	0 / 223	29th January 2008 - 07:58 AM KnuckleBuster started - last by KnuckleBuster
Virus, Spyware and Trojan Removal Sorry, I have a virus but don't know what it is Win32 trojan gen? 12	29 / 1,120	7th August 2008 - 03:18 PM elodie fr started - last by Mike
Windows XP�, 2000, 2003, NT Something's downloading but I don't know what	9 / 418	1st October 2008 - 06:53 AM yorkey.sa started - last by yorkey.sa