The ISM Pop-up [CLOSED]


This topic is locked

#1
sasslilmissy
New Member
  • Member
  • 2 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:45 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayw.exe
O2 - BHO: (no name) - {6067C178-B1B6-47C2-A680-9E33974E0E6E} - C:\WINDOWS\system32\ddayw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [umrk] C:\Program Files\Common Files\umrk\umrkm.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxvwww - cbxvwww.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\zyroryq.html

--
End of file - 9118 bytes
This is what I was told to paste here from the HijackThis thing. I did everything that I was told to do; now what do I do? I am still getting pop-ups.
  • 0

#2
Trevuren
Old Dog
  • Retired Staff
  • 18,699 posts
Hi sasslilmissy and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem. Your main problem appears to be an infection caused by a Vundo File Infector trojan that attacks startup programs and replaces legitimate files with others that look legitimate but are not. We will attempt to reverse the process as much as possible but you may end up having to reinstall a couple of programs.


Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • 0
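The logs in this thread show three patterns a defender can check for mechanically: a startup image whose name carries whitespace before its extension (the renamed-original pattern ComboFix reports as `"X .exe" replaces infected copy of "X.exe"`), a core Windows binary such as winlogon.exe loading from outside system32 (the `nvchost` run entry and `C:\winlogon.exe`), and `.com` companions of console tools in system32 (`cmd.com`, `ping.com`), which cmd.exe resolves ahead of the `.exe` because `.COM` precedes `.EXE` in the default PATHEXT order. The following Python script is an added illustration of those checks over HijackThis-style lines; it is not part of the thread, of HijackThis or of ComboFix. The rule names and the `check_line`, `scan` and `summarize` helpers are this example's own, and the sample lines are copied from the logs posted above.

```python
"""Flag startup-persistence anomalies in HijackThis-style log lines.

Added example; not code from the Geeks to Go thread, HijackThis or ComboFix.
The sample lines below are copied from the HijackThis and ComboFix logs in
the thread; the rule names and helper functions are this example's own.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Binaries Windows loads only from %SystemRoot%\system32; the same name
# anywhere else (C:\WINDOWS\winlogon.exe, C:\winlogon.exe) is an impostor.
SYSTEM32_ONLY = {"winlogon.exe", "smss.exe", "lsass.exe", "services.exe",
                 "svchost.exe", "csrss.exe", "ctfmon.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Console tools that ship as .exe; a sibling .com in system32 is a
# companion-file hijack (PATHEXT tries .COM before .EXE).
COMPANION_TARGETS = {"cmd", "ping", "netstat", "tracert", "regedit",
                     "taskkill", "tasklist"}

# "qttask .exe": whitespace between the stem and the extension, the
# file-infector renaming pattern shown in the ComboFix log.
WHITESPACE_BEFORE_EXT = re.compile(r"\S[ \t]+\.(exe|com|dll)\b", re.IGNORECASE)

# A Windows path ending in an executable extension, as it appears in a log line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.(?:exe|com|dll)\b", re.IGNORECASE)


def extract_paths(line: str) -> List[str]:
    """Return every executable path mentioned on the line."""
    return PATH_RE.findall(line)


def check_line(line: str) -> List[Tuple[str, str]]:
    """Apply the rules to one log line; return (rule, evidence) pairs."""
    findings: List[Tuple[str, str]] = []
    for path in extract_paths(line):
        name = path.rsplit("\\", 1)[-1].lower()
        if WHITESPACE_BEFORE_EXT.search(name):
            findings.append(("whitespace-before-extension", path))
        if name in SYSTEM32_ONLY and not path.lower().startswith(SYSTEM32_PREFIX):
            findings.append(("system-binary-outside-system32", path))
        stem, _, ext = name.rpartition(".")
        if ext == "com" and stem in COMPANION_TARGETS:
            findings.append(("companion-com-hijack", path))
    # HijackThis O20 entries register DLLs Winlogon loads at logon; a missing
    # file means the registration outlived its payload (or hides it elsewhere).
    if line.startswith("O20") and "(file missing)" in line:
        findings.append(("winlogon-notify-file-missing", line))
    return findings


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Run check_line over every line and flatten the results."""
    return [f for line in lines for f in check_line(line)]


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(rule for rule, _ in scan(lines)))


# Sample input copied from the logs posted in this thread.
SAMPLE_LINES = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    r"O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r'O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet',
    r"O20 - Winlogon Notify: cbxvwww - cbxvwww.dll (file missing)",
    r"C:\WINDOWS\system32\cmd.com",
    r"C:\WINDOWS\system32\ping.com",
    r"C:\winlogon.exe",
]

if __name__ == "__main__":
    for rule, evidence in scan(SAMPLE_LINES):
        print(f"{rule:32s} {evidence}")
```

Run stand-alone it prints seven findings; the clean winlogon.exe in system32 and the Windows Defender entry produce none. The whitespace rule is the useful one here: the original programs were renamed with a space or tab before `.exe`, and the run keys were left pointing at the replacements, which is why the HijackThis O4 list looks normal at a glance.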

#3
sasslilmissy
New Member
  • Topic Starter
  • Member
  • 2 posts
ComboFix 08-01-04.1 - Melissa Zube 2008-01-06 12:21:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.485 [GMT -5:00]
Running from: C:\Documents and Settings\Melissa Zube\Local Settings\Temporary Internet Files\Content.IE5\VIAE1ZSD\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Melissa Zube\Application Data\WinTouch
C:\Documents and Settings\Melissa Zube\Local Settings\Temp\MskDetct.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\ContextTool\pcre3.dll
C:\Program Files\ContextTool\uninstall.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\inetget2
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~2.EXE
C:\Program Files\McAfee\SpamKiller\MSKAGE~3.EXE
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft IntelliPoint\ipoint .exe
C:\Program Files\Microsoft IntelliType Pro\itype .exe
C:\Program Files\outlook
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Router
C:\Program Files\Router\UnInstall.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\ddayw.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\winlogon.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

<pre>
"C:\Documents and Settings\Melissa Zube\Local Settings\Temp\MskDetct .exe" replaces infected copy of "C:\Documents and Settings\Melissa Zube\Local Settings\Temp\MskDetct.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe" replaces infected copy of "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm	 .exe" replaces infected copy of "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
"C:\Program Files\DellSupport\DSAgnt .exe" replaces infected copy of "C:\Program Files\DellSupport\DSAgnt.exe"
"C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE" replaces infected copy of "C:\Program Files\McAfee\SpamKiller\MSKAGE~3.EXE"
"C:\Program Files\McAfee\SpamKiller\MSKDetct .exe" replaces infected copy of "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint .exe" moved to QooBox
"C:\Program Files\Microsoft IntelliType Pro\itype .exe" moved to QooBox
"C:\Program Files\QuickTime\qttask		.exe" replaces infected copy of "C:\Program Files\QuickTime\qttask.exe"
"C:\Program Files\QuickTime\qttask   .exe" replaces infected copy of "C:\Program Files\QuickTime\qttask.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe" replaces infected copy of "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" replaces infected copy of "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
"C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE" replaces infected copy of "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE"
</pre>
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 12:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 23:17 . 2008-01-04 23:43 <DIR> d-------- C:\Program Files\IMVU
2008-01-04 23:17 . 2008-01-05 12:26 <DIR> d-------- C:\Documents and Settings\Melissa Zube\Application Data\IMVU
2008-01-04 21:05 . 2008-01-04 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 21:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\cvvhojnixxjg.sys
2008-01-04 20:47 . 2008-01-05 00:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 20:47 . 2008-01-04 20:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 20:47 . 2008-01-04 20:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 20:47 . 2008-01-04 20:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 16:53 . 2008-01-04 16:53 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-01-04 16:40 . 2008-01-06 12:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-04 16:40 . 2008-01-04 16:40 <DIR> d-------- C:\Documents and Settings\Melissa Zube\Application Data\SUPERAntiSpyware.com
2008-01-04 16:40 . 2008-01-04 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-04 16:39 . 2008-01-04 16:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 12:43 . 2008-01-04 12:43 <DIR> d-------- C:\Documents and Settings\Melissa Zube\Application Data\Grisoft
2008-01-04 12:42 . 2008-01-04 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-04 12:42 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 20:07 . 2008-01-06 12:26 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-03 18:34 . 2008-01-03 18:34 <DIR> d-------- C:\Program Files\Adssite Games Collection
2008-01-03 18:34 . 2008-01-03 18:34 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-01-03 16:07 . 2008-01-06 12:26 <DIR> d-------- C:\Program Files\kernel
2008-01-03 14:32 . 2008-01-03 18:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 14:32 . 2008-01-03 14:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 12:53 . 2008-01-01 12:53 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-01 12:53 . 2008-01-01 12:53 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-01 12:53 . 2008-01-01 12:53 <DIR> d-------- C:\Documents and Settings\Melissa Zube\Application Data\ArcSoft
2008-01-01 12:53 . 2005-04-27 16:36 245,408 -ra------ C:\WINDOWS\system32\unicows.dll
2008-01-01 12:53 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-01 12:53 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-01 12:47 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-01-01 12:47 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-01-01 12:47 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-01-01 12:47 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-01 12:46 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-01-01 12:46 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-01 12:46 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-01-01 12:46 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-01-01 12:46 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-01-01 12:44 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-01 12:44 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-01 12:44 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-01 12:44 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-01 12:44 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-01-01 12:38 . 2008-01-01 12:38 <DIR> d-------- C:\WINDOWS\PixArt
2008-01-01 12:38 . 2008-01-01 12:38 <DIR> d-------- C:\Program Files\PC VGA [email protected] Plus
2008-01-01 12:38 . 2008-01-01 12:38 <DIR> d-------- C:\Program Files\Common Files\PAC7302
2008-01-01 12:38 . 2006-11-03 10:59 48,128 --a------ C:\WINDOWS\system32\Remove.exe
2008-01-01 12:38 . 2007-08-23 10:43 322 --a------ C:\WINDOWS\system32\Remover.ini
2008-01-01 12:34 . 2008-01-04 23:15 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-31 06:56 . 2007-12-31 06:56 8 --a------ C:\WINDOWS\system32\202dcf54
2007-12-31 05:51 . 2007-12-31 05:51 <DIR> d-------- C:\WINDOWS\umrk
2007-12-31 05:51 . 2008-01-04 20:36 <DIR> d-------- C:\Program Files\Common Files\umrk
2007-12-30 19:31 . 2007-12-30 19:31 1,409 --a------ C:\WINDOWS\system32\tmpFAE2E.FOT
2007-12-30 19:31 . 2007-12-30 19:31 1,409 --a------ C:\WINDOWS\system32\tmpD813E.FOT
2007-12-30 19:31 . 2007-12-30 19:31 1,409 --a------ C:\WINDOWS\system32\tmpD143E.FOT
2007-12-30 19:31 . 2007-12-30 19:31 1,409 --a------ C:\WINDOWS\system32\tmpA7F2E.FOT
2007-12-30 19:31 . 2007-12-30 19:31 1,409 --a------ C:\WINDOWS\system32\tmp5E23E.FOT
2007-12-30 19:31 . 2007-12-30 19:31 1,409 --a------ C:\WINDOWS\system32\tmp4603E.FOT
2007-12-30 12:44 . 2008-01-04 12:45 <DIR> d-------- C:\Program Files\AIM6
2007-12-30 12:44 . 2007-12-30 12:47 446 --ah----- C:\IPH.PH
2007-12-28 13:05 . 2007-12-28 13:05 <DIR> d-------- C:\Documents and Settings\Melissa Zube\Application Data\PC Tools
2007-12-28 13:03 . 2008-01-04 23:15 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2007-12-28 13:03 . 2007-12-28 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-12-28 13:03 . 2007-09-17 13:38 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2007-12-28 13:03 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2007-12-28 13:03 . 2007-09-17 13:38 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2007-12-28 07:47 . 2008-01-03 17:13 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-28 07:37 . 2007-12-28 07:37 4 --a------ C:\WINDOWS\msoffice.ini
2007-12-27 21:03 . 2007-12-27 21:03 <DIR> d-------- C:\Documents and Settings\Melissa Zube\Application Data\CyberLink
2007-12-27 20:39 . 2007-12-27 20:39 <DIR> d-------- C:\Program Files\TryMedia
2007-12-27 20:37 . 2007-12-27 20:37 <DIR> d-------- C:\Program Files\Infogrames
2007-12-27 15:23 . 2008-01-04 11:33 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-27 14:52 . 2007-12-27 14:52 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-27 14:49 . 2008-01-04 20:36 <DIR> d-------- C:\WINDOWS\system32\to9
2007-12-27 14:49 . 2008-01-05 00:02 <DIR> d-------- C:\WINDOWS\system32\dj2
2007-12-27 14:49 . 2007-12-27 15:17 <DIR> d-------- C:\WINDOWS\system32\bbc9
2007-12-27 14:49 . 2008-01-05 00:00 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-27 14:49 . 2007-12-27 14:49 <DIR> d-------- C:\temp\cEeer12
2007-12-27 14:49 . 2007-12-29 22:17 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2007-12-27 14:49 . 2007-12-27 14:49 134 --a------ C:\n.bat
2007-12-27 14:47 . 2008-01-04 11:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 23:49 . 2007-12-24 23:49 <DIR> d-------- C:\WINDOWS\Diner Dash
2007-12-24 23:49 . 2007-12-29 22:20 <DIR> d-------- C:\Program Files\Diner Dash
2007-12-24 23:45 . 2007-12-24 23:45 <DIR> d-------- C:\Program Files\THQ
2007-12-24 23:42 . 2007-12-24 23:42 <DIR> d-------- C:\Program Files\Diner Dash 2
2007-12-24 23:37 . 2007-12-30 21:51 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2007-12-24 23:04 . 2008-01-04 22:07 <DIR> d-------- C:\Program Files\Fish Tycoon
2007-12-24 23:04 . 2005-12-28 18:03 40,960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2007-12-24 21:03 . 2008-01-03 17:00 <DIR> d-------- C:\Program Files\CyberLink
2007-12-24 21:03 . 2007-12-24 21:03 <DIR> d-------- C:\MyWorks
2007-12-24 21:02 . 2007-12-24 21:02 <DIR> d-------- C:\Program Files\NOVA Development
2007-12-24 03:20 . 2007-12-29 02:02 <DIR> d-------- C:\Program Files\Cinema Tycoon Gold
2007-12-23 03:52 . 2007-12-24 19:41 <DIR> d-------- C:\Program Files\Xmas Bonus
2007-12-23 03:45 . 2007-12-23 03:45 <DIR> d-------- C:\Program Files\Guardian
2007-12-23 03:27 . 2007-12-23 03:27 <DIR> d-------- C:\Program Files\Gift Shop
2007-12-23 02:32 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-22 21:46 . 2008-01-01 12:38 <DIR> d-------- C:\WINDOWS\PAC207
2007-12-22 21:46 . 2007-12-22 21:46 <DIR> d-------- C:\Program Files\WMV9_VCM
2007-12-22 21:46 . 2007-12-22 21:46 <DIR> d-------- C:\Program Files\PC Camera
2007-12-22 21:46 . 2007-12-23 05:51 12 --a------ C:\WINDOWS\EZMediaBox2.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 17:28 --------- d-----w C:\Program Files\QuickTime
2008-01-06 17:28 --------- d-----w C:\Program Files\DellSupport
2008-01-06 17:26 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-01-06 17:26 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-05 04:10 --------- d-----w C:\Program Files\LimeWire
2008-01-05 03:51 --------- d-----w C:\Program Files\DIGStream
2008-01-05 03:51 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-04 22:01 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\LimeWire
2008-01-04 17:26 --------- d-----w C:\Program Files\RXToolBar
2008-01-03 22:12 --------- d-----w C:\Program Files\Google
2008-01-03 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 12:34 --------- d-----w C:\Program Files\Believe In Santa
2007-12-31 11:50 --------- d-----w C:\Program Files\Battleship
2007-12-30 17:45 --------- d-----w C:\Program Files\Viewpoint
2007-12-30 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-30 17:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-28 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-28 12:32 --------- d-----w C:\Program Files\Dell
2007-12-24 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-12-23 19:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-12-23 10:49 --------- d-----w C:\Program Files\The Dark Legions
2007-12-23 10:47 --------- d-----w C:\Program Files\Common Files\Real
2007-12-23 07:56 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\DivX
2007-12-07 09:25 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\McAfee.com Personal Firewall
2007-12-07 04:36 --------- d-----w C:\Program Files\WildTangent
2007-12-07 01:28 --------- d-----w C:\Program Files\Java
2007-12-06 17:55 --------- d-----w C:\Program Files\Fashion Fits
2007-12-06 14:26 --------- d-----w C:\Program Files\Cindys Sundaes
2007-12-05 07:59 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\Yahoo!
2007-12-05 07:55 --------- d-----w C:\Program Files\Yahoo!
2007-12-05 07:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-05 05:26 --------- d-----w C:\Program Files\City Magnate
2007-12-05 05:03 --------- d-----w C:\Program Files\Chainz
2007-12-04 09:24 --------- d-----w C:\Program Files\Miss Management
2007-12-04 09:18 --------- d-----w C:\Program Files\Westward
2007-12-04 09:18 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\Gamelab
2007-12-04 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-04 09:16 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\iWin
2007-12-04 09:09 --------- d-----w C:\Program Files\Elf Bowling The Last Insult
2007-12-04 08:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-12-04 08:33 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-04 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-04 08:28 --------- d-----w C:\Program Files\DivX
2007-12-04 08:27 --------- d-----w C:\Program Files\AVI Codec Pack
2007-12-04 08:11 --------- d-----w C:\Program Files\LEGO Chic Boutique
2007-12-04 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-04 07:36 --------- d-----w C:\Program Files\Funky Farm
2007-12-04 07:10 --------- d-----w C:\Program Files\Delicious Deluxe
2007-12-04 07:07 --------- d-----w C:\Program Files\Delicious 2 Deluxe
2007-12-04 05:19 --------- d-----w C:\Documents and Settings\Melissa Zube\Application Data\ViquaSoft
2007-12-04 04:31 --------- d-----w C:\Program Files\Birdies
2007-12-04 04:23 --------- d-----w C:\Program Files\Buildalot
2007-12-04 04:22 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-04 02:38 --------- d-----w C:\Program Files\Need2Find
2007-12-04 02:17 --------- d--h--w C:\Documents and Settings\Melissa Zube\Application Data\Gtek
2007-12-04 02:12 --------- d-----w C:\Program Files\WinMX
2007-12-04 00:33 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall
2007-11-17 23:57 130,048 ----a-w C:\WINDOWS\mpcodecplg.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
<pre>
----a-w		   131,072 2007-12-30 03:17:59  C:\Documents and Settings\Melissa Zube\Local Settings\Temp\20071228131551_mcappins .exe
----a-w			50,528 2008-01-03 21:32:18  C:\Program Files\AIM6\aim6 .exe
----a-w			81,920 2008-01-04 16:34:08  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w			94,208 2008-01-04 16:34:08  C:\Program Files\Dell\Media Experience\DMXLauncher .exe
----a-w			77,824 2007-12-28 16:38:08  C:\Program Files\Gamevance\gamevance32 .exe
----a-w		   171,448 2008-01-04 16:34:19  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w			49,152 2008-01-04 16:34:11  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   241,664 2008-01-04 16:34:12  C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w		   139,264 2008-01-04 16:34:07  C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
----a-w		   132,496 2008-01-04 16:34:10  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		   110,592 2007-12-28 18:14:42  C:\Program Files\McAfee\SpamKiller\MskAgent .exe
----a-w		 1,082,664 2008-01-04 16:34:13  C:\Program Files\PC Tools AntiVirus\PCTAV .exe
----a-w		   715,888 2008-01-04 16:34:24  C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather .exe
----a-w			67,584 2008-01-04 16:34:07  C:\WINDOWS\ehome\ehtray .exe
----a-w			15,360 2008-01-04 16:33:28  C:\WINDOWS\system32\ctfmon .exe
----a-w		   122,940 2008-01-04 16:34:08  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-04 15:55 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-01-03 14:21 4670704]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [ ]
"umrk"="C:\Program Files\Common Files\umrk\umrkm.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-04 11:34 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"nvchost"="C:\WINDOWS\winlogon.exe" [ ]
"PAC7302_Monitor"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\Melissa Zube\Start Menu\Programs\Startup\
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-12-19 21:00:16]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-31 13:41:12]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [2007-12-22 16:58:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\zyroryq.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvwww]
cbxvwww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RXToolBar]
regsvr32 /s C:\Program Files\RXToolBar\RXToolBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 PAC7302;PC VGA [email protected] Plus;C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-08-22 19:37]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe" [2007-12-04 19:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afa27b4a-a2f2-11dc-b2b2-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654339762517214

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 17:32:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 12:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 12:36:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 17:36:08


I did that and this is what I got back in that report, and this is the updated HijackThis report,



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:52 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [umrk] C:\Program Files\Common Files\umrk\umrkm.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Melissa Zube\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxvwww - cbxvwww.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\zyroryq.html

--
End of file - 9079 bytes
:) :)

Edited by sasslilmissy, 06 January 2008 - 11:57 AM.

  • 0

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your system has been seriously compromised and personal information HAS been collected and transmitted to the bad guys. You will have to find out what information was transmitted and advise any financial institutions that may be included in the data that your information has been stolen. In addition, all passwords discovered in that data must be changed immediately using a different machine than the one that is so badly infected.

A. To find out what information has been collected, use Windows Explorer and go to C:\Qoobox where you will find the following files:

C:\x.dat.vir
C:\z.dat.vir


Right click on those files and rename them to C:\x.dat and C:\z.dat

Now open these files in Notepad and you should be able to see what information has already been transmitted. As soon as you have a copy of that information, immediately DELETE those two files and take the appropriate measures mentioned above.


Your system is also infected with a file infector which has replaced many of the Startup executables on your system. Some programs may be salvageable, others will have to be uninstalled, then reinstalled.

I recommend that, after taking care of the pressing security matters, you consider formatting your system and reinstalling the operating system and your programs. Even if we manage to totally clean up your system, there is no guarantee that your system will not remain a prime target for further identity theft because of changes made to your system that we are unable to identify at present.

If you decide to not format your hard drive, I can help you clean it up. Please advise of the course of action that you have chosen to take.


Trevuren
  • 0
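The replaced-startup-executable pattern the helper describes is visible in the logs above: several Run entries now point at names such as `isuspm .exe` and `qttask .exe` (a space before the extension), one Run entry named `nvchost` launches `winlogon.exe` from `C:\WINDOWS` rather than `system32`, and a Winlogon Notify entry (`cbxvwww`) references a DLL that no longer exists. The script below is an added example, not part of this thread and not a HijackThis or ComboFix feature: it runs those three heuristics over a few constructed sample lines written in HijackThis O4/O20 format. The heuristics and thresholds are my assumptions about what deserves a closer look when reading such a log, not a verdict on any specific file.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis O4/O20 format (example input, not the full log above).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxvwww - cbxvwww.dll (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" and "O20 - Winlogon Notify: name - target"
O4_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_LINE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# First drive-letter path ending in a binary extension, with or without surrounding quotes.
PATH_IN_CMD = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|com))"?', re.IGNORECASE)
# A space immediately before the extension, e.g. "isuspm .exe".
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|scr|com)\b", re.IGNORECASE)

# Core processes the OS starts itself (assumption: a Run-key entry launching one
# of these names is never a legitimate configuration).
CORE_PROCESSES = {"winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe",
                  "services.exe", "svchost.exe"}


def check_o4(name, cmd):
    """Return the reasons an O4 (Run key) entry looks suspicious; empty list if none."""
    reasons = []
    m = PATH_IN_CMD.match(cmd)
    if not m:
        return [f"[{name}] no executable path could be parsed from the command"]
    path = m.group("path")
    if SPACE_BEFORE_EXT.search(path):
        reasons.append(f"[{name}] space before the file extension: the original "
                       f"binary was likely renamed or replaced ({path})")
    win_path = PureWindowsPath(path)
    filename = win_path.name.lower()
    if filename in CORE_PROCESSES:
        where = ("" if str(win_path.parent).lower().endswith("\\system32")
                 else " and it is not located in system32")
        reasons.append(f"[{name}] core process name {filename} started from a Run key{where}")
    return reasons


def check_o20(name, target):
    """Return the reasons an O20 (Winlogon Notify) entry looks suspicious."""
    if "(file missing)" in target:
        return [f"[{name}] Winlogon Notify DLL is missing on disk: leftover registration of a removed component"]
    if "\\" not in target:
        return [f"[{name}] Winlogon Notify DLL registered without a full path ({target})"]
    return []


def triage(log_text):
    """Run the heuristics over every O4/O20 line; return the flagged lines with reasons."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m4 = O4_LINE.match(line)
        if m4:
            reasons = check_o4(m4.group("name"), m4.group("cmd"))
        else:
            m20 = O20_LINE.match(line)
            reasons = check_o20(m20.group("name"), m20.group("target")) if m20 else []
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Running it against the constructed sample flags the two space-before-extension entries, the `nvchost` entry, and the missing `cbxvwww.dll`, while the ATI and ctfmon lines pass; pointing `triage` at a real saved HijackThis log gives a short list to hand to a helper rather than a verdict.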

#5
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0