Internet/malware problem [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Internet/malware problem [RESOLVED]

Options

Haji View Member Profile	Jun 26 2008, 01:50 PM Post #1
Member Posts: 10 OS: XP	I've been having a problem with my internet that I think is malware related. The prolem is that some sites will load fine while others will take an extremely long time and timeout or won't load at all. Weird thing is I can access almost all of these sites fine by using a proxy site. Here's my log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:44:17 PM, on 6/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Zune\ZuneLauncher.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: {4947bce7-a4b3-0428-8c24-3ef049f280e1} - {1e082f94-0fe3-42c8-8240-3b4a7ecb7494} - C:\WINDOWS\system32\rbyvrlix.dll O2 - BHO: (no name) - {349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8} - C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll (file missing) O2 - BHO: (no name) - {65EF2FF4-CFC6-4681-93C9-B0F7C93D4117} - C:\WINDOWS\system32\yaywwUND.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\WINDOWS\system32\geBsrSLF.dll O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\yqqwhdpl.dll",b O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\pipbewuv.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O20 - Winlogon Notify: geBsrSLF - C:\WINDOWS\SYSTEM32\geBsrSLF.dll O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing) O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing) O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing) O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 13829 bytes

2 Pages

1 2 >

Replies (1 - 14)

Rorschach112 View Member Profile	Jun 26 2008, 02:34 PM Post #2
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	Hello Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Haji View Member Profile	Jun 26 2008, 05:16 PM Post #3
Member Posts: 10 OS: XP	thank you for the reply. ok I finished running combofix and here's the log: ComboFix 08-06-20.4 - Ed 2008-06-26 17:20:21.5 - NTFSx86 Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMa3e09c2d.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\DNUwwyay.ini C:\WINDOWS\system32\DNUwwyay.ini2 C:\WINDOWS\system32\lpdhwqqy.ini C:\WINDOWS\system32\yaywwUND.dll . ((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))) . 2008-06-26 18:04 . 2008-06-26 18:04 22 --a------ C:\WINDOWS\pskt.ini 2008-06-26 18:04 . 2008-06-26 18:09 0 --a------ C:\WINDOWS\BMa3e09c2d.xml 2008-06-25 19:09 . 2008-06-25 19:09 106,496 --a------ C:\WINDOWS\system32\rbyvrlix.dll 2008-06-25 19:06 . 2008-06-25 19:06 81,920 --a------ C:\WINDOWS\system32\yqqwhdpl.dll 2008-06-25 19:05 . 2008-06-25 19:05 91,136 --a------ C:\WINDOWS\system32\pipbewuv.dll 2008-06-25 18:48 . 2008-06-25 18:48 294 --ahs---- C:\WINDOWS\system32\dwbmseuf.ini 2008-06-25 04:08 . 2008-06-25 04:08 99,840 --a------ C:\WINDOWS\system32\sfnhyxjw.dll 2008-06-25 04:06 . 2008-06-25 04:06 91,136 --a------ C:\WINDOWS\system32\urjuruvh.dll 2008-06-24 21:19 . 2008-06-24 21:19 25,088 --a------ C:\WINDOWS\system32\ddcBSJYo.dll 2008-06-24 21:19 . 2008-06-24 21:19 25,088 --a------ C:\WINDOWS\system32\awtrSkKD.dll 2008-06-24 21:18 . 2008-06-24 21:18 25,088 --a------ C:\WINDOWS\system32\efcCttsP.dll 2008-06-24 21:16 . 2008-06-24 21:16 81,920 --a------ C:\WINDOWS\system32\aecfquig.dll 2008-06-24 21:15 . 2008-06-24 21:15 99,840 --a------ C:\WINDOWS\system32\mqtoaoux.dll 2008-06-24 21:14 . 2008-06-24 21:14 91,136 --a------ C:\WINDOWS\system32\wwdmsbld.dll 2008-06-24 21:11 . 2008-06-24 21:11 25,088 --a------ C:\WINDOWS\system32\ddcAtqnO.dll 2008-06-24 21:10 . 2008-06-24 21:10 25,088 --a------ C:\WINDOWS\system32\wvUoNFYO.dll 2008-06-24 21:10 . 2008-06-24 21:10 25,088 --a------ C:\WINDOWS\system32\wvUOIaxy.dll 2008-06-24 21:10 . 2008-06-24 21:10 25,088 --a------ C:\WINDOWS\system32\wvUmnnKb.dll 2008-06-24 21:08 . 2008-06-24 21:08 25,088 --a------ C:\WINDOWS\system32\yayxvUMf.dll 2008-06-24 21:07 . 2008-06-24 21:07 25,088 --a------ C:\WINDOWS\system32\geBsrSLF.dll 2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule 2008-06-21 05:37 . 2008-06-21 05:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-21 05:37 . 2008-06-21 05:37 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO 2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf 2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks 2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI 2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield 2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo 2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems 2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems 2008-05-31 14:06 . 2008-05-31 14:06 <DIR> d-------- C:\Program Files\Common Files\InterVideo 2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d-------- C:\Program Files\Windows Media Components . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-26 21:55 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-06-26 20:24 --------- d-----w C:\Program Files\StepMania CVS 2008-06-24 19:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-24 01:36 --------- d-----w C:\Program Files\eMule 2008-06-23 00:59 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype 2008-06-22 21:36 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM 2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire 2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat 2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-10 23:39 --------- d-----w C:\Program Files\Zune 2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC 2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems 2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems 2008-05-30 08:27 --------- d-----w C:\Program Files\DivX 2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series 2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm 2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc 2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI 2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-13 01:51 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-13 01:51 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll 2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-13 01:49 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-12 23:16 --------- d-----w C:\Program Files\Java 2008-05-12 21:52 --------- d-----w C:\Program Files\iTunes 2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro 2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft 2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-12 03:09 --------- d-----w C:\Program Files\Vcsron 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7 2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008 2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire 2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe 2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk 2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe 2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe 2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll 2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll 2008-04-29 23:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys 2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll 2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll 2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe 2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys 2007-07-16 21:06 87,608 ----a-w C:\Documents and Settings\Ed\Application Data\inst.exe 2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat 2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier 2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat 2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe 2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat 2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat 2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat 2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2005-07-29 21:24 472 -csha-r C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ\lZpSwAx5KHY5v36CxrhOyk.vbs 2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys 2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2006-08-26 19:57 130,905 -csha-w C:\WINDOWS\system32\srsc.dat . CODE <pre> ----a-w 67,112 2008-03-24 18:30:15 C:\Program Files\AIM\aim .exe -c--a-w 50,528 2008-03-24 18:30:17 C:\Program Files\AIM6\aim6 .exe -c--a-w 75,392 2008-02-15 20:51:03 C:\Program Files\Alwil Software\Avast4\ashDisp .exe -c--a-w 970,752 2008-03-18 21:14:53 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe -c--a-w 157,592 2008-02-15 20:51:02 C:\Program Files\DAEMON Tools\daemon .exe -c--a-w 68,856 2008-02-14 23:15:23 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe -c--a-w 1,694,208 2008-03-18 21:14:53 C:\Program Files\Messenger\msmsgs .exe -c--a-w 282,624 2008-02-05 20:48:35 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-05 20:47:26 C:\Program Files\QuickTime\qttask .exe -c--a-w 648,704 2008-02-05 01:20:20 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-04 21:41:32 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-03 21:06:33 C:\Program Files\QuickTime\qttask .exe -c--a-w 648,704 2008-02-03 14:38:35 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-02 18:52:52 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-02 11:31:00 C:\Program Files\QuickTime\qttask .exe ----a-w 282,624 2008-02-14 00:36:17 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-14 00:35:24 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-13 20:48:23 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-13 03:42:49 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-12 20:05:13 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-11 20:19:26 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-10 18:55:52 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-09 17:46:16 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-08 21:03:58 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-14 23:13:16 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-14 22:38:09 C:\Program Files\QuickTime\qttask .exe ----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe -c--a-w 58,368 2008-02-15 20:21:41 C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys .exe ----a-w 3,481,600 2008-03-06 18:48:27 C:\Program Files\Veoh Networks\Veoh\VeohClient .exe -c--a-w 166,304 2008-02-11 20:21:05 C:\Program Files\Zune\ZuneLauncher .exe -c--a-w 102,400 2008-02-15 20:51:01 C:\WINDOWS\tsnp2std .exe -c--a-w 339,968 2008-02-15 20:22:07 C:\WINDOWS\vsnp2std .exe -c--a-w 208,952 2008-03-24 23:19:41 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE -c--a-w 44,032 2008-03-24 23:19:40 C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE ----a-w 15,360 2008-03-24 23:19:57 C:\WINDOWS\system32\ctfmon .exe ----a-w 174,592 2008-03-22 14:05:58 C:\WINDOWS\system32\lexpps .exe -c--a-w 98,304 2008-02-15 20:22:05 C:\WINDOWS\system32\ps2 .exe -c--a-w 59,392 2008-03-24 23:19:46 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe -c--a-w 455,168 2008-03-24 23:19:48 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE </pre> ------- Sigcheck ------- 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe 2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 08:00 14848 340a992968d7fecb91161a0636f15beb C:\WINDOWS\system32\lsass.exe 2004-08-04 08:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . -c--a-w 57,344 2005-06-07 03:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe -c--a-w 67,160 2005-08-05 19:08:26 C:\Program Files\AIM\bak\aim.exe -c--a-w 180,269 2005-04-20 12:18:13 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe -c--a-w 58,992 2005-03-23 20:34:32 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe -c--a-w 133,016 2005-12-10 14:57:19 C:\Program Files\DAEMON Tools\bak\daemon.exe -c--a-w 164,792 2006-10-10 20:20:52 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\bak\GoogleToolbarNotifier.exe -c--a-w 229,952 2006-09-25 18:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe -c--a-w 155,648 2006-03-26 17:05:59 C:\Program Files\QuickTime\bak\qttask.exe -c--a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe ----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8}] C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ca3f9a3-9488-4f34-8276-a783f6a41295}] 2008-06-26 18:27 106496 --a------ C:\WINDOWS\system32\urnkihru.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CDC07BE-A091-4455-B4CF-AA75F9854F3F}] 2008-06-26 18:06 319488 --a------ C:\WINDOWS\system32\qoMGAqpn.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}] 2008-06-24 21:07 25088 --a------ C:\WINDOWS\system32\geBsrSLF.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC549FE2-5615-457D-8244-A3A1ADF7B23F}] C:\WINDOWS\system32\ssqrs.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile] @={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360] "Aim6"="" [] "EventLog"="C:\WINDOWS\system32\event.exe" [ ] "Vcsron"="C:\Program Files\Vcsron\Vcsron.exe" [2008-05-07 14:20 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ] "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [ ] "snp2std"="C:\WINDOWS\vsnp2std.exe" [ ] "PS2"="C:\WINDOWS\system32\ps2.exe" [ ] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 08:00 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE] "6565676F716C7171"="3F3F0000000000.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624] "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" [ ] "BMa3e09c2d"="C:\WINDOWS\system32\mjfrvewd.dll" [2008-06-26 18:22 91648] "a0d3afb1"="C:\WINDOWS\system32\vxbyyclb.dll" [2008-06-26 18:24 80896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496] C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Andy\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\cbXNDssR.dll [ ] "{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"= C:\WINDOWS\system32\geBsrSLF.dll [2008-06-24 21:07 25088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "ZJvdzCxv"= {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsrSLF] geBsrSLF.dll 2008-06-24 21:07 25088 C:\WINDOWS\system32\geBsrSLF.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfc850] mfc850.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfdd] mljhfdd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spoolsvc] spoolsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\qoMGAqpn [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk] C:\WINDOWS\system32\bpk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] --a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] --a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] --a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvc] C:\WINDOWS\system32\spoolsvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"= "C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Last.fm\\LastFM.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Skype\\Phone\\Skype .exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25:TCP"= 25:TCP:Outlook Express "9172:TCP"= 9172:TCP:BitComet 9172 TCP "9172:UDP"= 9172:UDP:BitComet 9172 UDP "22405:TCP"= 22405:TCP:BitComet 22405 TCP "22405:UDP"= 22405:UDP:BitComet 22405 UDP "49000:TCP"= 49000:TCP:BitComet 49000 TCP "49000:UDP"= 49000:UDP:BitComet 49000 UDP "19524:TCP"= 19524:TCP:BitComet 19524 TCP "19524:UDP"= 19524:UDP:BitComet 19524 UDP R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56] S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}] C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs . Contents of the 'Scheduled Tasks' folder "2008-06-21 09:37:38 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-26 18:00:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\lpdhwqqy.ini 294 bytes C:\WINDOWS\system32\qoMGAqpn.dll 319488 bytes executable scan completed successfully hidden files: 2 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\geBsrSLF.dll PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll -> C:\WINDOWS\system32\vxbyyclb.dll -> C:\WINDOWS\system32\mjfrvewd.dll . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-06-26 18:57:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-26 22:57:33 ComboFix2.txt 2008-06-25 23:36:32 ComboFix3.txt 2008-06-25 08:35:18 ComboFix4.txt 2008-05-12 22:44:13 Pre-Run: 27,649,556,480 bytes free Post-Run: 27,621,965,824 bytes free 427 --- E O F --- 2008-06-20 10:23:33

Haji View Member Profile	Jun 26 2008, 05:19 PM Post #4
Member Posts: 10 OS: XP	Here's a new hijackthis log also: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:18:32 PM, on 6/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Vcsron\Vcsron.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\mjfrvewd.dll",s O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\vxbyyclb.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 12590 bytes

Rorschach112 View Member Profile	Jun 27 2008, 06:32 AM Post #5
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	Your PC is really infected 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: CODE KillAll:: File:: C:\WINDOWS\pskt.ini C:\WINDOWS\BMa3e09c2d.xml C:\WINDOWS\system32\rbyvrlix.dll C:\WINDOWS\system32\yqqwhdpl.dll C:\WINDOWS\system32\pipbewuv.dll C:\WINDOWS\system32\dwbmseuf.ini C:\WINDOWS\system32\sfnhyxjw.dll C:\WINDOWS\system32\urjuruvh.dll C:\WINDOWS\system32\ddcBSJYo.dll C:\WINDOWS\system32\awtrSkKD.dll C:\WINDOWS\system32\efcCttsP.dll C:\WINDOWS\system32\aecfquig.dll C:\WINDOWS\system32\mqtoaoux.dll C:\WINDOWS\system32\wwdmsbld.dll C:\WINDOWS\system32\ddcAtqnO.dll C:\WINDOWS\system32\wvUoNFYO.dll C:\WINDOWS\system32\wvUOIaxy.dll C:\WINDOWS\system32\wvUmnnKb.dll C:\WINDOWS\system32\yayxvUMf.dll C:\WINDOWS\system32\geBsrSLF.dll C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\system32\srsc.dat Folder:: C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ Registry:: [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{A6F5090F-D9EC-4263-9D7D-2968C5179291}"=- "{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvc] Rootkit:: C:\WINDOWS\system32\lpdhwqqy.ini C:\WINDOWS\system32\qoMGAqpn.dll AWF:: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe C:\Program Files\AIM\bak\aim.exe C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe C:\Program Files\DAEMON Tools\bak\daemon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\bak\GoogleToolbarNotifier.exe C:\Program Files\iTunes\bak\iTunesHelper.exe C:\Program Files\QuickTime\bak\qttask.exe C:\WINDOWS\system32\bak\ctfmon.exe RenV:: ----a-w 67,112 2008-03-24 18:30:15 C:\Program Files\AIM\aim .exe -c--a-w 50,528 2008-03-24 18:30:17 C:\Program Files\AIM6\aim6 .exe -c--a-w 75,392 2008-02-15 20:51:03 C:\Program Files\Alwil Software\Avast4\ashDisp .exe -c--a-w 970,752 2008-03-18 21:14:53 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe -c--a-w 157,592 2008-02-15 20:51:02 C:\Program Files\DAEMON Tools\daemon .exe -c--a-w 68,856 2008-02-14 23:15:23 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe -c--a-w 1,694,208 2008-03-18 21:14:53 C:\Program Files\Messenger\msmsgs .exe -c--a-w 282,624 2008-02-05 20:48:35 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-05 20:47:26 C:\Program Files\QuickTime\qttask .exe -c--a-w 648,704 2008-02-05 01:20:20 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-04 21:41:32 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-03 21:06:33 C:\Program Files\QuickTime\qttask .exe -c--a-w 648,704 2008-02-03 14:38:35 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-02 18:52:52 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-02 11:31:00 C:\Program Files\QuickTime\qttask .exe ----a-w 282,624 2008-02-14 00:36:17 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-14 00:35:24 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-13 20:48:23 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-13 03:42:49 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-12 20:05:13 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-11 20:19:26 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-10 18:55:52 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-09 17:46:16 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-08 21:03:58 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-14 23:13:16 C:\Program Files\QuickTime\qttask .exe ----a-w 648,704 2008-02-14 22:38:09 C:\Program Files\QuickTime\qttask .exe ----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe -c--a-w 58,368 2008-02-15 20:21:41 C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys .exe ----a-w 3,481,600 2008-03-06 18:48:27 C:\Program Files\Veoh Networks\Veoh\VeohClient .exe -c--a-w 166,304 2008-02-11 20:21:05 C:\Program Files\Zune\ZuneLauncher .exe -c--a-w 102,400 2008-02-15 20:51:01 C:\WINDOWS\tsnp2std .exe -c--a-w 339,968 2008-02-15 20:22:07 C:\WINDOWS\vsnp2std .exe -c--a-w 208,952 2008-03-24 23:19:41 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE -c--a-w 44,032 2008-03-24 23:19:40 C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE ----a-w 15,360 2008-03-24 23:19:57 C:\WINDOWS\system32\ctfmon .exe ----a-w 174,592 2008-03-22 14:05:58 C:\WINDOWS\system32\lexpps .exe -c--a-w 98,304 2008-02-15 20:22:05 C:\WINDOWS\system32\ps2 .exe -c--a-w 59,392 2008-03-24 23:19:46 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe -c--a-w 455,168 2008-03-24 23:19:48 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Haji View Member Profile	Jun 27 2008, 04:23 PM Post #6
Member Posts: 10 OS: XP	The new combofix log: ComboFix 08-06-20.4 - Ed 2008-06-27 15:58:38.6 - NTFSx86 Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt.txt * Created a new restore point FILE :: C:\WINDOWS\BMa3e09c2d.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\aecfquig.dll C:\WINDOWS\system32\awtrSkKD.dll C:\WINDOWS\system32\ddcAtqnO.dll C:\WINDOWS\system32\ddcBSJYo.dll C:\WINDOWS\system32\dwbmseuf.ini C:\WINDOWS\system32\efcCttsP.dll C:\WINDOWS\system32\geBsrSLF.dll C:\WINDOWS\system32\mqtoaoux.dll C:\WINDOWS\system32\pipbewuv.dll C:\WINDOWS\system32\rbyvrlix.dll C:\WINDOWS\system32\sfnhyxjw.dll C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\system32\srsc.dat C:\WINDOWS\system32\urjuruvh.dll C:\WINDOWS\system32\wvUmnnKb.dll C:\WINDOWS\system32\wvUOIaxy.dll C:\WINDOWS\system32\wvUoNFYO.dll C:\WINDOWS\system32\wwdmsbld.dll C:\WINDOWS\system32\yayxvUMf.dll C:\WINDOWS\system32\yqqwhdpl.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator.COMPUTER.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Andy.GEORGEMMA.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Ed\Application Data\inst.exe C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\bestwiner.stt C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\WINDOWS\BMa3e09c2d.xml C:\WINDOWS\keyboard1.dat C:\WINDOWS\newname.dat C:\WINDOWS\pskt.ini C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ\lZpSwAx5KHY5v36CxrhOyk.vbs C:\WINDOWS\system32\aecfquig.dll C:\WINDOWS\system32\awtrSkKD.dll C:\WINDOWS\system32\blcyybxv.ini C:\WINDOWS\system32\dcded8_z.dll C:\WINDOWS\system32\ddcAtqnO.dll C:\WINDOWS\system32\ddcBSJYo.dll C:\WINDOWS\system32\dwbmseuf.ini C:\WINDOWS\system32\efcCttsP.dll C:\WINDOWS\system32\geBsrSLF.dll C:\WINDOWS\system32\lpdhwqqy.ini C:\WINDOWS\system32\mqtoaoux.dll C:\WINDOWS\system32\npqAGMoq.ini C:\WINDOWS\system32\npqAGMoq.ini2 C:\WINDOWS\system32\pipbewuv.dll C:\WINDOWS\system32\qoMGAqpn.dll C:\WINDOWS\system32\rbyvrlix.dll C:\WINDOWS\system32\RCX44.tmp C:\WINDOWS\system32\RCX49.tmp C:\WINDOWS\system32\sfnhyxjw.dll C:\WINDOWS\system32\srsc.dat C:\WINDOWS\system32\urjuruvh.dll C:\WINDOWS\system32\wvUmnnKb.dll C:\WINDOWS\system32\wvUOIaxy.dll C:\WINDOWS\system32\wvUoNFYO.dll C:\WINDOWS\system32\wwdmsbld.dll C:\WINDOWS\system32\yayxvUMf.dll . ((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))) . 2008-06-26 18:27 . 2008-06-26 18:27 106,496 --a------ C:\WINDOWS\system32\urnkihru.dll 2008-06-26 18:24 . 2008-06-26 18:24 80,896 --a------ C:\WINDOWS\system32\vxbyyclb.dll 2008-06-26 18:22 . 2008-06-26 18:22 91,648 --a------ C:\WINDOWS\system32\mjfrvewd.dll 2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule 2008-06-21 05:37 . 2008-06-21 05:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-06-21 05:37 . 2008-06-21 05:37 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO 2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf 2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks 2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI 2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield 2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo 2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems 2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems 2008-05-31 14:06 . 2008-05-31 14:06 <DIR> d-------- C:\Program Files\Common Files\InterVideo 2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d-------- C:\Program Files\Windows Media Components . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-27 21:06 --------- d-----w C:\Program Files\QuickTime 2008-06-27 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-27 21:01 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-06-27 20:00 --------- d-----w C:\Program Files\Zune 2008-06-27 19:59 --------- d-----w C:\Program Files\Sound Volume Hotkeys 2008-06-27 19:58 --------- d-----w C:\Program Files\iTunes 2008-06-27 19:58 --------- d-----w C:\Program Files\DAEMON Tools 2008-06-27 19:58 --------- d-----w C:\Program Files\AIM6 2008-06-27 19:58 --------- d-----w C:\Program Files\AIM 2008-06-26 20:24 --------- d-----w C:\Program Files\StepMania CVS 2008-06-24 01:36 --------- d-----w C:\Program Files\eMule 2008-06-23 00:59 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype 2008-06-22 21:36 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM 2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire 2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat 2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC 2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems 2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems 2008-05-30 08:27 --------- d-----w C:\Program Files\DivX 2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series 2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm 2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc 2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI 2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-05-13 01:51 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll 2008-05-13 01:51 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll 2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-13 01:49 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-05-12 23:16 --------- d-----w C:\Program Files\Java 2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro 2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft 2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-12 03:09 --------- d-----w C:\Program Files\Vcsron 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7 2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008 2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire 2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe 2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk 2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe 2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe 2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll 2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll 2008-04-29 23:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys 2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll 2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll 2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe 2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys 2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat 2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier 2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat 2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe 2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat 2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat 2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat 2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys 2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . CODE <pre> ----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe </pre> ------- Sigcheck ------- 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe 2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe 2004-08-04 08:00 14848 340a992968d7fecb91161a0636f15beb C:\WINDOWS\system32\lsass.exe 2004-08-04 08:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8}] C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ca3f9a3-9488-4f34-8276-a783f6a41295}] 2008-06-26 18:27 106496 --a------ C:\WINDOWS\system32\urnkihru.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC549FE2-5615-457D-8244-A3A1ADF7B23F}] C:\WINDOWS\system32\ssqrs.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile] @={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 19:19 15360] "Aim6"="" [] "EventLog"="C:\WINDOWS\system32\event.exe" [ ] "Vcsron"="C:\Program Files\Vcsron\Vcsron.exe" [2008-05-07 14:20 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016] "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2008-02-15 16:51 102400] "snp2std"="C:\WINDOWS\vsnp2std.exe" [2008-02-15 16:22 339968] "PS2"="C:\WINDOWS\system32\ps2.exe" [2008-02-15 16:22 98304] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-03-24 19:19 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2008-03-24 19:19 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-03-24 19:19 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE] "6565676F716C7171"="3F3F0000000000.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-11 16:21 166304] "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" [ ] "a0d3afb1"="C:\WINDOWS\system32\vxbyyclb.dll" [2008-06-26 18:24 80896] "BMa3e09c2d"="C:\WINDOWS\system32\mjfrvewd.dll" [2008-06-26 18:22 91648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496] C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Andy\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "ZJvdzCxv"= {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsrSLF] geBsrSLF.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfc850] mfc850.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfdd] mljhfdd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spoolsvc] spoolsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk] C:\WINDOWS\system32\bpk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a--c--- 2005-03-23 16:34 58992 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-03-24 19:19 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] --a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2006-09-25 14:54 229952 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] --a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] --a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"= "C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Last.fm\\LastFM.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Skype\\Phone\\Skype .exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25:TCP"= 25:TCP:Outlook Express "9172:TCP"= 9172:TCP:BitComet 9172 TCP "9172:UDP"= 9172:UDP:BitComet 9172 UDP "22405:TCP"= 22405:TCP:BitComet 22405 TCP "22405:UDP"= 22405:UDP:BitComet 22405 UDP "49000:TCP"= 49000:TCP:BitComet 49000 TCP "49000:UDP"= 49000:UDP:BitComet 49000 UDP "19524:TCP"= 19524:TCP:BitComet 19524 TCP "19524:UDP"= 19524:UDP:BitComet 19524 UDP R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56] S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}] C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs . Contents of the 'Scheduled Tasks' folder "2008-06-21 09:37:38 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe - E:\ . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-27 17:07:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\lexpps.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************ . Completion time: 2008-06-27 17:50:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-27 21:50:00 ComboFix2.txt 2008-06-26 22:57:57 ComboFix3.txt 2008-06-25 23:36:32 ComboFix4.txt 2008-06-25 08:35:18 ComboFix5.txt 2008-05-12 22:44:13 Pre-Run: 27,525,115,904 bytes free Post-Run: 27,477,852,160 bytes free 396 --- E O F --- 2008-06-20 10:23:33

Rorschach112 View Member Profile	Jun 27 2008, 05:31 PM Post #7
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	Hello 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: File:: C:\WINDOWS\system32\urnkihru.dll C:\WINDOWS\system32\vxbyyclb.dll C:\WINDOWS\system32\mjfrvewd.dll RenV:: ----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe Registry:: Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner and click Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Also post a new HijackThis log

Haji View Member Profile	Jun 28 2008, 01:16 AM Post #8
Member Posts: 10 OS: XP	The Kaspersky report is much too long to put in a post I put it up on rapidshare(is that cool with you?): http://rapidshare.com/files/125557315/Kaspersky.html Here's the new HiJackthis log too: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:14:47 AM, on 6/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Vcsron\Vcsron.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8} - C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\vxbyyclb.dll",b O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\mjfrvewd.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe (file missing) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O20 - Winlogon Notify: geBsrSLF - geBsrSLF.dll (file missing) O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing) O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing) O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing) O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 14194 bytes Thank you very much for reading my posts and helping. Much appreciated!

Rorschach112 View Member Profile	Jun 28 2008, 08:10 AM Post #9
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	So much malware, this is what you get when you use LimeWire 1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present): R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file) O2 - BHO: (no name) - {349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8} - C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll (file missing) O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\vxbyyclb.dll",b O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\mjfrvewd.dll",s O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR O20 - AppInit_DLLs: O20 - Winlogon Notify: geBsrSLF - geBsrSLF.dll (file missing) O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing) O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing) O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing) O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing) O24 - Desktop Component 0: (no name) - (no file) 2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis. 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: File:: C:\12.tmp C:\14.tmp C:\BhEw.exe C:\Documents and Settings\Ed\Application Data\Microsoft\spoolsv.exe C:\Documents and Settings\Ed\Local Settings\Application Data\Mozilla\Firefox\Profiles\a4ftback.123\Cache(9)\B2512D21d01 C:\Documents and Settings\Ed\My Documents\My Documents\Ed\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1QVGHQF\1[2].htm C:\Documents and Settings\George.COMPUTER\My Documents\PopularScreensaversSetup2.2.60.11-2.exe C:\Downloads\LimeWire Pro. 4.18.2\LimeWireWin.exe C:\Downloads\Spore Creature Creator - Full (100%).rar C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll C:\Program Files\Symdivx\Cache\000007cf_43f4ebc7_000af79e C:\Program Files\Symdivx\Cache\000011ef_43d329a0_00081b32 C:\Program Files\Symdivx\Cache\00004b72_43b86d0e_00040d99 C:\Program Files\Symdivx\Cache\00004ff8_43894ac6_0001312d C:\Program Files\Symdivx\Cache\00006efb_43d32a70_0008583b C:\Program Files\Symdivx\Cache\00007389_439a34f5_000a7d8c C:\Program Files\Vcsron C:\WINDOWS\bck7.dat C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp C:\WINDOWS\ime\imkr6_1\imekrmig.exe.tmp C:\WINDOWS\POTA777444.exe C:\WINDOWS\system32\dbomluaj.dll C:\WINDOWS\system32\dlzg.dll C:\WINDOWS\system32\eeixrqcq.exe C:\WINDOWS\system32\heeqjanr.dll C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp C:\WINDOWS\system32\nihwtioe.dll C:\WINDOWS\system32\qmcljkhl.dll C:\WINDOWS\system32\RCX23C.tmp C:\WINDOWS\system32\RCX30B.tmp C:\WINDOWS\system32\RCX3A5.tmp C:\WINDOWS\system32\RCX405.tmp C:\WINDOWS\system32\RCX49C.tmp C:\WINDOWS\system32\RCX54C.tmp C:\WINDOWS\system32\ugxhqhbc.dll C:\WINDOWS\system32\vxlxxqft.dll C:\WINDOWS\system32\xkrilaqf.exe C:\WINDOWS\ѕуstem32\netdde.exe Folder:: C:\12.tmp C:\14.tmp C:\BhEw.exe C:\Documents and Settings\Ed\Application Data\Microsoft\spoolsv.exe C:\Documents and Settings\Ed\Local Settings\Application Data\Mozilla\Firefox\Profiles\a4ftback.123\Cache(9)\B2512D21d01 C:\Documents and Settings\Ed\My Documents\My Documents\Ed\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1QVGHQF\1[2].htm C:\Documents and Settings\George.COMPUTER\My Documents\PopularScreensaversSetup2.2.60.11-2.exe C:\Downloads\LimeWire Pro. 4.18.2\LimeWireWin.exe C:\Downloads\Spore Creature Creator - Full (100%).rar C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll C:\Program Files\Symdivx\Cache\000007cf_43f4ebc7_000af79e C:\Program Files\Symdivx\Cache\000011ef_43d329a0_00081b32 C:\Program Files\Symdivx\Cache\00004b72_43b86d0e_00040d99 C:\Program Files\Symdivx\Cache\00004ff8_43894ac6_0001312d C:\Program Files\Symdivx\Cache\00006efb_43d32a70_0008583b C:\Program Files\Symdivx\Cache\00007389_439a34f5_000a7d8c C:\Program Files\Vcsron C:\WINDOWS\bck7.dat C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp C:\WINDOWS\ime\imkr6_1\imekrmig.exe.tmp C:\WINDOWS\POTA777444.exe C:\WINDOWS\system32\dbomluaj.dll C:\WINDOWS\system32\dlzg.dll C:\WINDOWS\system32\eeixrqcq.exe C:\WINDOWS\system32\heeqjanr.dll C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp C:\WINDOWS\system32\nihwtioe.dll C:\WINDOWS\system32\qmcljkhl.dll C:\WINDOWS\system32\RCX23C.tmp C:\WINDOWS\system32\RCX30B.tmp C:\WINDOWS\system32\RCX3A5.tmp C:\WINDOWS\system32\RCX405.tmp C:\WINDOWS\system32\RCX49C.tmp C:\WINDOWS\system32\RCX54C.tmp C:\WINDOWS\system32\ugxhqhbc.dll C:\WINDOWS\system32\vxlxxqft.dll C:\WINDOWS\system32\xkrilaqf.exe C:\WINDOWS\ѕуstem32\netdde.exe DirLook:: C:\Documents and Settings\Andy.COMPUTER\Desktop\My Documents\My Documents\Andy\.limewire\.NetworkShare\Incomplete C:\Downloads FCOPY:: C:\WINDOWS\System32\dllcache\lsass.exe \| C:\WINDOWS\system32\lsass.exe Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Also post a new HijackThis log

Haji View Member Profile	Jun 28 2008, 04:44 PM Post #10
Member Posts: 10 OS: XP	Sorry but this is another really long report: http://www.mediafire.com/?trjj9eemmbx Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:44:14 PM, on 6/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe (file missing) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 12641 bytes

Rorschach112 View Member Profile	Jun 28 2008, 05:41 PM Post #11
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	Hello 1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present): O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe O24 - Desktop Component 0: (no name) - (no file) 2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis. 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: QUOTE File:: C:\Downloads\Ulead VideoStudio 11 Plus - crack.exe C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\keygen.exe C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\Read Me.txt Folder:: C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack C:\Downloads\FL STUDIO 5_XXL_cracked KillAll:: RenV:: ----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Haji View Member Profile	Jun 28 2008, 07:04 PM Post #12
Member Posts: 10 OS: XP	ok the new combofix log: ComboFix 08-06-20.4 - Ed 2008-06-28 20:09:07.9 - NTFSx86 Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt.txt * Created a new restore point FILE :: C:\Downloads\Ulead VideoStudio 11 Plus - crack.exe C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\keygen.exe C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\Read Me.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Downloads\FL STUDIO 5_XXL_cracked C:\Downloads\FL STUDIO 5_XXL_cracked\FLRegkey.Reg C:\Downloads\FL STUDIO 5_XXL_cracked\FLStudio5_XXL_Install.exe C:\Downloads\FL STUDIO 5_XXL_cracked\fruity loops - tutorials.pdf C:\Downloads\FL STUDIO 5_XXL_cracked\Fruity Loops 5XXL Crack\FL.EXE C:\Downloads\FL STUDIO 5_XXL_cracked\READ ME BORFRE INSTALL!!!!!!!!.txt C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack\Macromedia DreamWeaver CS3 + Crack.daa C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack\Macromedia DreamWeaver Plugins All In One 2007.daa C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack\Readme.txt C:\Downloads\Ulead VideoStudio 11 Plus - crack.exe C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\keygen.exe C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\Read Me.txt . ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 ))))))))))))))))))))))))))))))) . 2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule 2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO 2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf 2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks 2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI 2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield 2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo 2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems 2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems 2008-05-31 14:06 . 2008-05-31 14:06 <DIR> d-------- C:\Program Files\Common Files\InterVideo 2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d-------- C:\Program Files\Windows Media Components . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-28 17:07 --------- d-----w C:\Program Files\DivX 2008-06-28 15:43 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\DivX 2008-06-27 21:06 --------- d-----w C:\Program Files\QuickTime 2008-06-27 21:06 --------- d-----w C:\Program Files\iTunes 2008-06-27 21:06 --------- d-----w C:\Program Files\DAEMON Tools 2008-06-27 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-27 21:06 --------- d-----w C:\Program Files\AIM 2008-06-27 21:01 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys 2008-06-27 20:00 --------- d-----w C:\Program Files\Zune 2008-06-27 19:59 --------- d-----w C:\Program Files\Sound Volume Hotkeys 2008-06-27 19:58 --------- d-----w C:\Program Files\AIM6 2008-06-26 20:24 --------- d-----w C:\Program Files\StepMania CVS 2008-06-24 01:36 --------- d-----w C:\Program Files\eMule 2008-06-23 00:59 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype 2008-06-22 21:36 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM 2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire 2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat 2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC 2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems 2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems 2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series 2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm 2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc 2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI 2008-05-12 23:16 --------- d-----w C:\Program Files\Java 2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro 2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft 2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7 2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008 2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire 2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe 2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe 2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk 2008-04-29 23:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys 2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe 2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys 2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat 2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier 2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat 2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe 2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat 2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat 2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat 2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll 2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys 2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . CODE <pre> ----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe </pre> ------- Sigcheck ------- 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe 2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-06-27_17.49.18.43 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-27 21:01:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-29 00:17:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-05-13 01:50:06 682,496 ----a-w C:\WINDOWS\system32\DivX.dll + 2008-05-30 23:22:46 683,520 ----a-w C:\WINDOWS\system32\DivX.dll - 2008-05-13 01:50:08 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll + 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll - 2008-05-13 01:50:08 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll + 2008-05-30 23:22:46 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll - 2008-05-13 01:50:08 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll + 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll - 2008-05-13 01:50:08 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll + 2008-05-30 23:22:48 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll - 2008-05-13 01:49:28 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe + 2008-05-22 22:19:12 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe - 2008-05-13 01:53:20 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe + 2008-05-22 22:22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe - 2008-05-13 01:49:02 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll + 2008-05-22 22:18:54 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll - 2008-05-13 01:50:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll + 2008-05-22 22:19:46 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll - 2008-05-13 01:50:10 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll + 2008-05-30 23:22:54 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll - 2008-05-13 01:50:10 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll + 2008-05-30 23:22:54 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll - 2008-05-13 01:50:12 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll + 2008-05-30 23:22:58 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll - 2008-05-13 01:50:12 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll + 2008-05-30 23:22:54 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll - 2008-05-13 01:50:12 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll + 2008-05-30 23:22:54 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll - 2008-05-13 01:50:12 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll + 2008-05-30 23:22:54 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll - 2008-05-13 01:50:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll + 2008-05-22 22:19:46 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2008-05-13 01:51:10 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll + 2008-05-22 22:20:42 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll - 2004-08-04 12:00:00 14,848 ----a-w C:\WINDOWS\system32\lsass.exe + 2004-08-04 12:00:00 13,312 ----a-w C:\WINDOWS\system32\lsass.exe - 2008-05-13 01:53:16 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll + 2008-05-22 22:22:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll - 2008-05-13 01:51:10 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll + 2008-05-22 22:20:42 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll + 2008-06-29 00:20:19 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4d0.dat + 2008-06-29 00:22:23 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile] @={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3} [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 19:19 15360] "Aim6"="" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 19:15 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016] "tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2008-02-15 16:51 102400] "snp2std"="C:\WINDOWS\vsnp2std.exe" [2008-02-15 16:22 339968] "PS2"="C:\WINDOWS\system32\ps2.exe" [2008-02-15 16:22 98304] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-03-24 19:19 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2008-03-24 19:19 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-03-24 19:19 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-11 16:21 166304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496] C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\Andy\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456] C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk] C:\WINDOWS\system32\bpk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a--c--- 2005-03-23 16:34 58992 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-03-24 19:19 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] --a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a--c--- 2006-09-25 14:54 229952 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] --a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower] --a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"= "C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Last.fm\\LastFM.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Skype\\Phone\\Skype .exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25:TCP"= 25:TCP:Outlook Express "9172:TCP"= 9172:TCP:BitComet 9172 TCP "9172:UDP"= 9172:UDP:BitComet 9172 UDP "22405:TCP"= 22405:TCP:BitComet 22405 TCP "22405:UDP"= 22405:UDP:BitComet 22405 UDP "49000:TCP"= 49000:TCP:BitComet 49000 TCP "49000:UDP"= 49000:UDP:BitComet 49000 UDP "19524:TCP"= 19524:TCP:BitComet 19524 TCP "19524:UDP"= 19524:UDP:BitComet 19524 UDP R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39] S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}] C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs . Contents of the 'Scheduled Tasks' folder "2008-06-28 19:16:05 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe - E:\ . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-28 20:18:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\lexpps.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\WudfHost.exe . ************************************************************************ . Completion time: 2008-06-28 20:59:59 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-29 00:59:51 ComboFix2.txt 2008-06-28 22:30:56 ComboFix3.txt 2008-06-28 01:03:12 ComboFix4.txt 2008-06-27 21:50:08 ComboFix5.txt 2008-06-26 22:57:57 Pre-Run: 19,491,409,920 bytes free Post-Run: 19,393,908,736 bytes free 351 --- E O F --- 2008-06-20 10:23:33

Rorschach112 View Member Profile	Jun 29 2008, 08:02 AM Post #13
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	Hello 1. Close any open browsers. 2. Open notepad and copy/paste the text in the quotebox below into it: QUOTE KillAll:: File:: C:\Program Files\Skype\Phone\Skype .exe Folder:: Registry:: Driver:: Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at "C:\ComboFix.txt" Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Also post a new HijackThis log

Haji View Member Profile	Jul 1 2008, 05:41 PM Post #14
Member Posts: 10 OS: XP	malwarebytes: Malwarebytes' Anti-Malware 1.19 Database version: 913 Windows 5.1.2600 Service Pack 2 7:26:32 PM 7/1/2008 mbam-log-7-1-2008 (19-26-32).txt Scan type: Quick Scan Objects scanned: 68433 Time elapsed: 7 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 116 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 4 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Unloaded module successfully. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully. C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\meow four dale link (Trojan.Downloader) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot. C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU\Learn More About Save!.url (Adware.WhenUSave) -> Quarantined and deleted successfully. C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU\Learn More About SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully. C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\George.COMPUTER\Desktop\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\George.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:38:05 PM, on 7/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe (file missing) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 12542 bytes

Rorschach112 View Member Profile	Jul 1 2008, 05:42 PM Post #15
GeekU Teacher Posts: 35,418 From: Dublin OS: XP	Can you post the ComboFix log as well And tell me how the PC is running

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal please help with this malware problem [RESOLVED] 12	16 / 915	1st September 2008 - 08:43 AM hatefulmalware started - last by kahdah
Virus, Spyware and Trojan Removal Possible malware problem [RESOLVED] 12	16 / 805	26th September 2008 - 02:19 PM ttsstr5 started - last by andrewuk
Virus, Spyware and Trojan Removal Malware problem... [RESOLVED] 12	21 / 945	1st December 2008 - 09:28 AM HCRX311 started - last by Rorschach112
Virus, Spyware and Trojan Removal Malware problem? [RESOLVED] 12	17 / 701	29th November 2008 - 11:32 PM ~Mix started - last by emeraldnzl