Malware Removal-HijackThis- Log

#1 khuggi4 (Member, 18 posts)

I'm doing the best I can trying to rid my PC of this problem. I am having a problem with the start button disappearing and the icon. It freezes up. I went through my programs and tried to remove those I didn't use, etc. Google Earth refused to be removed. ?? I downloaded Stopzilla and it didn't seem to fix this problem. I have trojan viruses and spyware. Here is my HijackThis log:
I am PC illiterate but can follow directions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:14 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f0914bc8] rundll32.exe "C:\WINDOWS\system32\bnlathau.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122...es/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119759937815
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152062713078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10467 bytes

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Hello khuggi4

Welcome to G2Go. :)
================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 khuggi4 (Topic Starter, Member, 18 posts)

Thank you so much for your help!


Deckard's System Scanner v20071014.68
Run by kim on 2008-02-04 21:33:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-02-05 03:34:12 UTC - RP1543 - Deckard's System Scanner Restore Point
21: 2008-02-04 20:21:45 UTC - RP1542 - Removed Microsoft Office Small Business Connectivity Components
20: 2008-02-04 15:24:13 UTC - RP1541 - Removed Image Resizer Powertoy for Windows XP
19: 2008-02-04 15:23:30 UTC - RP1540 - Removed HighMAT Extension to Microsoft Windows XP CD Writing Wizard
18: 2008-02-04 15:22:19 UTC - RP1539 - Removed VideoImpression


-- First Restore Point --
1: 2008-01-24 07:45:36 UTC - RP1522 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).
System Drive C: has 5.33 GiB (less than 15%) free.


-- HijackThis (run as kim.exe) -------------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-04 21:40:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\alg.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
C:\Documents and Settings\kim\Local Settings\Temporary Internet Files\Content.IE5\HCYZ0LK5\dss[1].exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: (no name) - {EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8} - C:\WINDOWS\SYSTEM32\gebcy.dll
O2 - BHO: {4b160c99-c72f-20cb-f644-99b4a5e64b5f} - {f5b46e5a-4b99-446f-bc02-f27c99c061b4} - C:\WINDOWS\SYSTEM32\qedjyemn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Cox\Applications\App\PopupBHO01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - SITEguard - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f0914bc8] rundll32.exe "C:\WINDOWS\system32\vqqamcwg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader () - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} () - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122...es/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119759937815
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152062713078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} () - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 11839 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>

S3 CoachAud (Coach Audio) - c:\windows\system32\drivers\coachaud.sys <Not Verified; FotoNation Inc.; Audio Port Driver for Digital Camera>
S3 CoachUsb (Coach Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys (file missing)
S3 CoachVc (Coach Video Capture) - c:\windows\system32\drivers\coachvc.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 USBCamera (Bulk USB Device) - c:\windows\system32\drivers\bulk533.sys <Not Verified; USB BULK; Platform SDK Sample Code>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>

S2 LexBceS (LexBce Server) - c:\windows\system32\lexbces.exe (file missing)
S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 18:24:00 338 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2008-01-13 21:36:56 552 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kim.job


-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-04 21:39:57 88128 --a------ C:\WINDOWS\system32\vqqamcwg.dll
2008-02-04 21:36:53 93248 --a------ C:\WINDOWS\system32\qedjyemn.dll
2008-02-04 21:33:39 88128 -----n--- C:\WINDOWS\system32\sgpskpgk.dll
2008-02-04 21:31:46 93248 --a------ C:\WINDOWS\system32\pokrhybn.dll
2008-02-04 18:41:41 0 d-------- C:\Program Files\Trend Micro
2008-02-03 21:10:04 88640 --a------ C:\WINDOWS\system32\bnlathau.dll
2008-02-03 21:07:35 92736 --a------ C:\WINDOWS\system32\anixafkm.dll
2008-02-03 21:04:08 88640 -----n--- C:\WINDOWS\system32\wvfenilr.dll
2008-02-03 21:04:01 92736 --a------ C:\WINDOWS\system32\bcqbxcqr.dll
2008-02-02 23:55:15 0 dr-h----- C:\Documents and Settings\kim\Recent
2008-02-02 23:50:17 343040 --a------ C:\WINDOWS\system32\gebcy.exe
2008-02-02 20:55:23 96832 --a------ C:\WINDOWS\system32\wwpuyqwg.dll
2008-02-02 20:49:00 96832 --a------ C:\WINDOWS\system32\mhnyrnrg.dll
2008-02-01 18:30:21 92736 --a------ C:\WINDOWS\system32\wdttdtyf.dll
2008-02-01 18:28:25 92224 --a------ C:\WINDOWS\system32\ivxrlugx.dll
2008-02-01 18:24:16 92224 -----n--- C:\WINDOWS\system32\nfucgfbm.dll
2008-02-01 18:22:47 92736 --a------ C:\WINDOWS\system32\wiytmjgr.dll
2008-01-31 18:10:02 90688 --a------ C:\WINDOWS\system32\iersglpw.dll
2008-01-31 18:07:02 94784 --a------ C:\WINDOWS\system32\edmoqstf.dll
2008-01-31 18:04:03 90688 -----n--- C:\WINDOWS\system32\bvakyuwn.dll
2008-01-31 18:02:41 94784 --a------ C:\WINDOWS\system32\okbfjosg.dll
2008-01-30 18:00:55 92736 --a------ C:\WINDOWS\system32\eccdcbnr.dll
2008-01-30 17:57:54 87616 --a------ C:\WINDOWS\system32\wcrsuxxe.dll
2008-01-30 17:54:54 87616 -----n--- C:\WINDOWS\system32\ywimnvwi.dll
2008-01-30 17:51:54 92736 --a------ C:\WINDOWS\system32\fhxaxulx.dll
2008-01-29 17:58:12 88640 --a------ C:\WINDOWS\system32\fepiuinv.dll
2008-01-29 17:48:03 78912 --a------ C:\WINDOWS\system32\ijfwiduh.dll
2008-01-28 16:54:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 16:53:03 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 16:53:01 0 d-------- C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com
2008-01-28 11:54:37 0 d-------- C:\Documents and Settings\kim\Application Data\Grisoft
2008-01-28 11:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 09:59:18 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-28 09:56:26 8576 --a------ C:\WINDOWS\system32\drivers\doxahacacnep.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-28 01:29:15 11555 --a------ C:\WINDOWS\system32\ytaygyht.dll
2008-01-28 01:23:04 75795 --a------ C:\WINDOWS\system32\fjibiuov.dll
2008-01-27 01:27:29 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-01-27 00:25:24 0 d-------- C:\Program Files\STOPzilla!
2008-01-27 00:25:21 0 d-------- C:\Program Files\Common Files\iS3
2008-01-27 00:25:07 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-25 23:07:06 87104 --a------ C:\WINDOWS\system32\yibofdvu.dll
2008-01-25 00:19:07 0 d-------- C:\Program Files\CCleaner
2008-01-24 02:26:01 0 d-------- C:\Program Files\Microsoft Silverlight
2008-01-24 02:19:09 0 d-------- C:\Program Files\MSBuild
2008-01-24 02:11:07 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-24 02:07:54 0 d-------- C:\Program Files\Reference Assemblies
2008-01-24 02:03:26 0 d-------- C:\74c32015e95a4c429486495272
2008-01-24 02:03:00 0 d-------- C:\Program Files\MSXML 6.0
2008-01-24 01:58:12 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-23 22:40:16 8576 --a------ C:\WINDOWS\system32\drivers\qnptamuyyngn.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-23 21:58:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-20 19:20:38 85568 --a------ C:\WINDOWS\system32\bubyehgl.dll
2008-01-19 19:18:09 87104 --a------ C:\WINDOWS\system32\wunwyeln.dll
2008-01-13 23:50:32 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-01-13 20:37:01 0 d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-13 20:10:43 0 d-------- C:\Program Files\Windows Sidebar
2008-01-13 20:10:40 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-10 18:23:08 0 d-------- C:\temp
2008-01-06 09:05:54 0 d-------- C:\Program Files\MSXML 4.0
2008-01-04 19:08:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-04 19:07:25 0 d-------- C:\Program Files\Common Files\RuleSpace
2008-01-04 19:06:49 0 d-------- C:\Program Files\Common Files\Aluria
2008-01-04 19:04:37 0 d-------- C:\Program Files\Common Files\Authentium
2008-01-04 18:57:47 0 d-------- C:\Program Files\Cox
2008-01-04 18:52:01 0 d-------- C:\Program Files\Common Files\Authentium Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-04 21:41:03 289141 --ahs---- C:\WINDOWS\system32\ycbeg.ini2
2008-02-04 18:22:46 0 d-------- C:\Program Files\iTunes
2008-02-04 14:48:31 0 d-------- C:\Program Files\Intel
2008-02-04 14:41:44 0 d-------- C:\Program Files\Common Files
2008-02-04 09:22:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 09:22:34 0 d-------- C:\Program Files\ArcSoft
2008-01-28 21:52:41 0 d-------- C:\Documents and Settings\kim\Application Data\MSN6
2008-01-28 16:50:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 16:10:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-28 10:50:15 0 d-------- C:\Program Files\FinePixViewer
2008-01-28 10:46:22 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-01-27 10:19:20 0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-24 23:52:50 0 d-------- C:\Program Files\CyberLink
2008-01-23 23:35:56 0 d-------- C:\Program Files\Messenger
2008-01-20 16:40:56 0 d-------- C:\Program Files\QuickTime
2008-01-17 06:51:44 0 d-------- C:\Program Files\Symantec
2008-01-13 19:45:05 0 d-------- C:\Program Files\Yahoo!
2008-01-04 18:39:01 0 d-------- C:\Program Files\Windows Defender
2007-12-27 23:22:18 0 d-------- C:\Documents and Settings\kim\Application Data\AVG7
2007-12-26 21:24:35 0 d-------- C:\Documents and Settings\kim\Application Data\Yahoo!
2007-12-26 21:21:44 0 d-------- C:\Documents and Settings\kim\Application Data\Move Networks
2007-12-26 21:20:22 0 d-------- C:\Program Files\IrfanView
2007-12-26 18:03:38 0 d-------- C:\Program Files\REGSHAVE
2007-12-26 17:23:04 169984 --a------ C:\WINDOWS\system32\LEXPPS .EXE <Not Verified; Lexmark International, Inc.; MarkVision for Windows (32 bit)>
2007-12-26 17:22:35 0 d-------- C:\Program Files\?ymbols
2007-12-25 10:24:05 0 d-------- C:\Program Files\Common Files\?ppPatch
2007-12-25 09:35:16 339456 -----n--- C:\WINDOWS\system32\gebcy.dll
2007-12-25 09:29:50 8147 --ahs---- C:\WINDOWS\system32\ehkmp.ini2
2007-12-24 18:03:45 534641 --ahs---- C:\WINDOWS\system32\qtvwa.ini2
2007-12-18 21:29:44 80 -r-hs---- C:\WINDOWS\system32\B08DF75570.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/30/2008 10:06 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8}]
12/25/2007 09:35 AM 339456 --------- C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5b46e5a-4b99-446f-bc02-f27c99c061b4}]
02/04/2008 09:36 PM 93248 --a------ C:\WINDOWS\system32\qedjyemn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"f0914bc8"="C:\WINDOWS\system32\vqqamcwg.dll" [02/04/2008 09:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Washer\washidx.exe

C:\Documents and Settings\kim\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 12:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 12:36:04 PM]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2/3/2007 3:26:02 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - IPOD_SERVICE



-- End of Deckard's System Scanner: finished at 2008-02-04 21:43:37 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 254 MiB / 36.24 MiB
Pagefile Memory (total/avail): 1005.9 MiB / 538.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 5.33 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75DEA0 - 37.25 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:

\\.\PHYSICALDRIVE1 - HP photosmart 7200 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton AntiVirus v15.0.0.58 (Symantec Corporation) Disabled
AV: Norton AntiVirus v15.0.0.58 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_server.exe:*:Disabled:TODO: <File description>"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\SYSTEM32\\Lexpps.exe"="C:\\WINDOWS\\SYSTEM32\\Lexpps.exe:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\WINDOWS\\SYSTEM32\\dxdiag.exe"="C:\\WINDOWS\\SYSTEM32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"="C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe:*:Enabled:fgfs"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\omtpbalj.exe"="C:\\WINDOWS\\system32\\omt"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS .EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS .EXE:*:Disabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\nnvkvcsf.exe"="C:\\WINDOWS\\system32\\nnv"
"C:\\WINDOWS\\system32\\ftcbikgy.exe"="C:\\WINDOWS\\system32\\ftc"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kim\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DFVVTQ41
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kim
LOGONSERVER=\\DFVVTQ41
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kim\LOCALS~1\Temp
TMP=C:\DOCUME~1\kim\LOCALS~1\Temp
USERDOMAIN=DFVVTQ41
USERNAME=kim
USERPROFILE=C:\Documents and Settings\kim
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kim (admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Anti-Spyware (Aluria) --> MsiExec.exe /I{5D52D604-F3C0-45B4-9128-630B4AF57B13}
Anti-Virus (Command Software) --> MsiExec.exe /I{C1A5671F-3BD1-4EAE-B613-946BB890662D}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797703D4-461B-4BC9-AACA-292917F3A47F}\setup.exe" -l0x9 -uninst
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Broadcom Management Programs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cda Product Service - shared component --> C:\WINDOWS\CdaC13BA.EXE /uninstall
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Cox (CVUS) --> MsiExec.exe /I{5BD7238A-6B67-41FE-AC97-E59A71838F4D}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Support --> MsiExec.exe /X{43FCA273-9534-40DB-B7C5-D7758875616A}
DVD Photo Slideshow Pro 7.55 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
ESP --> MsiExec.exe /I{F61BC717-3F50-457D-86AC-DA5D537D1850}
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Firewall (Core) --> MsiExec.exe /I{B01F6BFA-2761-4621-A47F-CD46532D40B4}
Firewall (User) --> MsiExec.exe /I{3BEFC9CE-F87D-4D98-8E82-36C5FA90D4D2}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySpaceIM --> MsiExec.exe /I{FE242C4A-4AF0-4E9F-ABFF-92CA3CEE8761}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\setup\hpzscr01.exe -datfile hphscr01.dat
Popup Blocker --> MsiExec.exe /I{5A79D76E-D50E-46A6-9D78-F689CF58AC9D}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Secure Delivery --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sony MP4 Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x9 -removeonly
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Third Party Prerequisites --> MsiExec.exe /I{F6A31EEF-7DB9-4A46-B3BB-9DB5F117508D}
V3750 Digital Camera Driver --> C:\PROGRA~1\V3750D~1\UNWISE.EXE C:\PROGRA~1\V3750D~1\INSTALL.LOG
Watchtower Library 2006 - English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EED331-936C-446E-9374-077F7B028518}\Setup.exe"
Web Filtering (Base 2) --> MsiExec.exe /I{D3AB0F01-C515-4470-B9CA-8CB78FD42AE8}
Web Filtering (Base) --> MsiExec.exe /I{6AC20055-5E5B-48FA-9F5F-E778D354CE50}
Web Filtering (Kids Page) --> MsiExec.exe /I{2D02E0B0-D759-4F33-88E5-B83DDCB58473}
Web Filtering (RuleSpace Anti-Phishing) --> MsiExec.exe /I{634B7897-EDEA-4893-9A8A-54DA037928A5}
Web Filtering (Rulespace) --> MsiExec.exe /I{9043ED00-BEA5-44EE-AA13-44C71149AFAD}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8729 / Error
Event Submitted/Written: 02/04/2008 01:43:06 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Event Record #/Type8714 / Error
Event Submitted/Written: 02/03/2008 06:13:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00009dea.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type8710 / Error
Event Submitted/Written: 02/03/2008 05:49:01 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Event Record #/Type8703 / Error
Event Submitted/Written: 02/03/2008 00:20:27 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Event Record #/Type8690 / Error
Event Submitted/Written: 02/02/2008 10:45:44 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16574, faulting module ieui.dll, version 7.0.5730.11, fault address 0x000061aa.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type73329 / Warning
Event Submitted/Written: 02/04/2008 09:30:38 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000F1F515CC6. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type73322 / Error
Event Submitted/Written: 02/04/2008 06:11:04 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SABProcEnum service failed to start due to the following error:
%%2

Event Record #/Type73320 / Error
Event Submitted/Written: 02/04/2008 06:07:23 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Event Record #/Type73313 / Error
Event Submitted/Written: 02/04/2008 01:43:39 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

Event Record #/Type73312 / Error
Event Submitted/Written: 02/04/2008 01:43:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments ""
in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}



-- End of Deckard's System Scanner: finished at 2008-02-04 21:43:37 ------------

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome. :)
=================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\vqqamcwg.dll
    C:\WINDOWS\system32\qedjyemn.dll
    C:\WINDOWS\system32\sgpskpgk.dll
    C:\WINDOWS\system32\pokrhybn.dll
    C:\WINDOWS\system32\bnlathau.dll
    C:\WINDOWS\system32\anixafkm.dll
    C:\WINDOWS\system32\wvfenilr.dll
    C:\WINDOWS\system32\bcqbxcqr.dll
    C:\WINDOWS\system32\gebcy.exe
    C:\WINDOWS\system32\wwpuyqwg.dll
    C:\WINDOWS\system32\mhnyrnrg.dll
    C:\WINDOWS\system32\wdttdtyf.dll
    C:\WINDOWS\system32\ivxrlugx.dll
    C:\WINDOWS\system32\nfucgfbm.dll
    C:\WINDOWS\system32\wiytmjgr.dll
    C:\WINDOWS\system32\iersglpw.dll
    C:\WINDOWS\system32\edmoqstf.dll
    C:\WINDOWS\system32\bvakyuwn.dll
    C:\WINDOWS\system32\okbfjosg.dll
    C:\WINDOWS\system32\eccdcbnr.dll
    C:\WINDOWS\system32\wcrsuxxe.dll
    C:\WINDOWS\system32\ywimnvwi.dll
    C:\WINDOWS\system32\fhxaxulx.dll
    C:\WINDOWS\system32\fepiuinv.dll
    C:\WINDOWS\system32\ijfwiduh.dll
    C:\WINDOWS\system32\ytaygyht.dll
    C:\WINDOWS\system32\fjibiuov.dll
    C:\WINDOWS\system32\bubyehgl.dll
    C:\WINDOWS\system32\wunwyeln.dll
    C:\WINDOWS\system32\ycbeg.ini2
    C:\WINDOWS\system32\gebcy.dll
    C:\WINDOWS\system32\ehkmp.ini2
    C:\WINDOWS\system32\qtvwa.ini2
    C:\WINDOWS\system32\B08DF75570.dll
    C:\WINDOWS\system32\vqqamcwg.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5b46e5a-4b99-446f-bc02-f27c99c061b4}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\f0914bc8
    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================================
Please run DSS again and post the log that it produces and the OTMoveIt2 log.

#5
khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the first run:

[Custom Input]
< C:\WINDOWS\system32\vqqamcwg.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vqqamcwg.dll
C:\WINDOWS\system32\vqqamcwg.dll NOT unregistered.
C:\WINDOWS\system32\vqqamcwg.dll moved successfully.
< C:\WINDOWS\system32\qedjyemn.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qedjyemn.dll
C:\WINDOWS\system32\qedjyemn.dll NOT unregistered.
C:\WINDOWS\system32\qedjyemn.dll moved successfully.
< C:\WINDOWS\system32\sgpskpgk.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sgpskpgk.dll
C:\WINDOWS\system32\sgpskpgk.dll NOT unregistered.
C:\WINDOWS\system32\sgpskpgk.dll moved successfully.
< C:\WINDOWS\system32\pokrhybn.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pokrhybn.dll
C:\WINDOWS\system32\pokrhybn.dll NOT unregistered.
C:\WINDOWS\system32\pokrhybn.dll moved successfully.
< C:\WINDOWS\system32\bnlathau.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bnlathau.dll
C:\WINDOWS\system32\bnlathau.dll NOT unregistered.
C:\WINDOWS\system32\bnlathau.dll moved successfully.
< C:\WINDOWS\system32\anixafkm.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\anixafkm.dll
C:\WINDOWS\system32\anixafkm.dll NOT unregistered.
C:\WINDOWS\system32\anixafkm.dll moved successfully.
< C:\WINDOWS\system32\wvfenilr.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvfenilr.dll
C:\WINDOWS\system32\wvfenilr.dll NOT unregistered.
C:\WINDOWS\system32\wvfenilr.dll moved successfully.
< C:\WINDOWS\system32\bcqbxcqr.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bcqbxcqr.dll
C:\WINDOWS\system32\bcqbxcqr.dll NOT unregistered.
C:\WINDOWS\system32\bcqbxcqr.dll moved successfully.
< C:\WINDOWS\system32\gebcy.exe >
C:\WINDOWS\system32\gebcy.exe moved successfully.
< C:\WINDOWS\system32\wwpuyqwg.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wwpuyqwg.dll
C:\WINDOWS\system32\wwpuyqwg.dll NOT unregistered.
C:\WINDOWS\system32\wwpuyqwg.dll moved successfully.
< C:\WINDOWS\system32\mhnyrnrg.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mhnyrnrg.dll
C:\WINDOWS\system32\mhnyrnrg.dll NOT unregistered.
C:\WINDOWS\system32\mhnyrnrg.dll moved successfully.
< C:\WINDOWS\system32\wdttdtyf.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wdttdtyf.dll
C:\WINDOWS\system32\wdttdtyf.dll NOT unregistered.
C:\WINDOWS\system32\wdttdtyf.dll moved successfully.
< C:\WINDOWS\system32\ivxrlugx.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ivxrlugx.dll
C:\WINDOWS\system32\ivxrlugx.dll NOT unregistered.
C:\WINDOWS\system32\ivxrlugx.dll moved successfully.
< C:\WINDOWS\system32\nfucgfbm.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nfucgfbm.dll
C:\WINDOWS\system32\nfucgfbm.dll NOT unregistered.
C:\WINDOWS\system32\nfucgfbm.dll moved successfully.
< C:\WINDOWS\system32\wiytmjgr.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wiytmjgr.dll
C:\WINDOWS\system32\wiytmjgr.dll NOT unregistered.
C:\WINDOWS\system32\wiytmjgr.dll moved successfully.
< C:\WINDOWS\system32\iersglpw.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iersglpw.dll
C:\WINDOWS\system32\iersglpw.dll NOT unregistered.
C:\WINDOWS\system32\iersglpw.dll moved successfully.
< C:\WINDOWS\system32\edmoqstf.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\edmoqstf.dll
C:\WINDOWS\system32\edmoqstf.dll NOT unregistered.
C:\WINDOWS\system32\edmoqstf.dll moved successfully.
< C:\WINDOWS\system32\bvakyuwn.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bvakyuwn.dll
C:\WINDOWS\system32\bvakyuwn.dll NOT unregistered.
C:\WINDOWS\system32\bvakyuwn.dll moved successfully.
< C:\WINDOWS\system32\okbfjosg.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\okbfjosg.dll
C:\WINDOWS\system32\okbfjosg.dll NOT unregistered.
C:\WINDOWS\system32\okbfjosg.dll moved successfully.
< C:\WINDOWS\system32\eccdcbnr.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\eccdcbnr.dll
C:\WINDOWS\system32\eccdcbnr.dll NOT unregistered.
C:\WINDOWS\system32\eccdcbnr.dll moved successfully.
< C:\WINDOWS\system32\wcrsuxxe.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wcrsuxxe.dll
C:\WINDOWS\system32\wcrsuxxe.dll NOT unregistered.
C:\WINDOWS\system32\wcrsuxxe.dll moved successfully.
< C:\WINDOWS\system32\ywimnvwi.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ywimnvwi.dll
C:\WINDOWS\system32\ywimnvwi.dll NOT unregistered.
C:\WINDOWS\system32\ywimnvwi.dll moved successfully.
< C:\WINDOWS\system32\fhxaxulx.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fhxaxulx.dll
C:\WINDOWS\system32\fhxaxulx.dll NOT unregistered.
C:\WINDOWS\system32\fhxaxulx.dll moved successfully.
< C:\WINDOWS\system32\fepiuinv.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fepiuinv.dll
C:\WINDOWS\system32\fepiuinv.dll NOT unregistered.
C:\WINDOWS\system32\fepiuinv.dll moved successfully.
< C:\WINDOWS\system32\ijfwiduh.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ijfwiduh.dll
C:\WINDOWS\system32\ijfwiduh.dll NOT unregistered.
C:\WINDOWS\system32\ijfwiduh.dll moved successfully.
< C:\WINDOWS\system32\ytaygyht.dll >
LoadLibrary failed for C:\WINDOWS\system32\ytaygyht.dll
C:\WINDOWS\system32\ytaygyht.dll NOT unregistered.
C:\WINDOWS\system32\ytaygyht.dll moved successfully.
< C:\WINDOWS\system32\fjibiuov.dll >
LoadLibrary failed for C:\WINDOWS\system32\fjibiuov.dll
C:\WINDOWS\system32\fjibiuov.dll NOT unregistered.
C:\WINDOWS\system32\fjibiuov.dll moved successfully.
< C:\WINDOWS\system32\bubyehgl.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bubyehgl.dll
C:\WINDOWS\system32\bubyehgl.dll NOT unregistered.
C:\WINDOWS\system32\bubyehgl.dll moved successfully.
< C:\WINDOWS\system32\wunwyeln.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wunwyeln.dll
C:\WINDOWS\system32\wunwyeln.dll NOT unregistered.
C:\WINDOWS\system32\wunwyeln.dll moved successfully.
< C:\WINDOWS\system32\ycbeg.ini2 >
C:\WINDOWS\system32\ycbeg.ini2 moved successfully.
< C:\WINDOWS\system32\gebcy.dll >
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\gebcy.dll scheduled to be moved on reboot.
< C:\WINDOWS\system32\ehkmp.ini2 >
C:\WINDOWS\system32\ehkmp.ini2 moved successfully.
< C:\WINDOWS\system32\qtvwa.ini2 >
C:\WINDOWS\system32\qtvwa.ini2 moved successfully.
< C:\WINDOWS\system32\B08DF75570.dll >
LoadLibrary failed for C:\WINDOWS\system32\B08DF75570.dll
C:\WINDOWS\system32\B08DF75570.dll NOT unregistered.
C:\WINDOWS\system32\B08DF75570.dll moved successfully.
< C:\WINDOWS\system32\vqqamcwg.dll >
File/Folder C:\WINDOWS\system32\vqqamcwg.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5b46e5a-4b99-446f-bc02-f27c99c061b4}] >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5b46e5a-4b99-446f-bc02-f27c99c061b4}]\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\f0914bc8 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\f0914bc8 deleted successfully.
< purity >
C:\WINDOWS\??curity moved successfully.
C:\Program Files\?ymbols moved successfully.
C:\Program Files\Common Files\?ppPatch\PPPATC~1 moved successfully.
C:\Program Files\Common Files\?ppPatch moved successfully.
C:\Documents and Settings\kim\My Documents\?ystem32 moved successfully.

OTMoveIt2 v1.0.17 log created on 02042008_231829


After rebooting and the second run:

< C:\WINDOWS\system32\ehkmp.ini2 >
File/Folder C:\WINDOWS\system32\ehkmp.ini2 not found.
< C:\WINDOWS\system32\qtvwa.ini2 >
File/Folder C:\WINDOWS\system32\qtvwa.ini2 not found.
< C:\WINDOWS\system32\B08DF75570.dll >
File/Folder C:\WINDOWS\system32\B08DF75570.dll not found.
< C:\WINDOWS\system32\vqqamcwg.dll >
File/Folder C:\WINDOWS\system32\vqqamcwg.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA4A5C7-F3B7-4881-9FA5-2963395AE1F8}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5b46e5a-4b99-446f-bc02-f27c99c061b4}] >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5b46e5a-4b99-446f-bc02-f27c99c061b4}]\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\f0914bc8 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\f0914bc8 not found.
< purity >

OTMoveIt2 v1.0.17 log created on 02042008_234720

#6 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Edited by kahdah, 05 February 2008 - 03:12 AM.


#7 khuggi4 (Topic Starter, Member, 18 posts)
A few programs I don't know how to disable.
HijackThis
SuperantiSpyware
Another question:
Is the Panda Active Scan active or only activated by going online?
Kim

#8 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
HijackThis is not a running program.
Right-click on the SUPERAntiSpyware icon and click on Exit.

ActiveScan is only an online scanner and is not running.

#9 khuggi4 (Topic Starter, Member, 18 posts)
Here's the combofix log:

ComboFix 08-02.05.3 - kim 2008-02-05 20:19:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.65 [GMT -6:00]
Running from: C:\Documents and Settings\kim\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kim\err.log
C:\Documents and Settings\kim\My Documents\SSEMBL~1
c:\Program Files\Cox\Applications\App\start .exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\aisxugte.ini
C:\WINDOWS\SYSTEM32\ajegydqv.ini
C:\WINDOWS\SYSTEM32\bcmjxeej.ini
C:\WINDOWS\SYSTEM32\bhuahkgm.ini
C:\WINDOWS\SYSTEM32\bqeeeory.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\dshjqlkn.ini
C:\WINDOWS\SYSTEM32\echqjbpf.ini
C:\WINDOWS\SYSTEM32\eormlpkx.ini
C:\WINDOWS\SYSTEM32\exxusrcw.ini
C:\WINDOWS\SYSTEM32\fqpkkhhf.ini
C:\WINDOWS\SYSTEM32\gbwmhprl.ini
C:\WINDOWS\SYSTEM32\gwcmaqqv.ini
C:\WINDOWS\SYSTEM32\ikvdoted.ini
C:\WINDOWS\SYSTEM32\iuktdupq.ini
C:\WINDOWS\SYSTEM32\iwvnmiwy.ini
C:\WINDOWS\SYSTEM32\kgpkspgs.ini
C:\WINDOWS\SYSTEM32\ktpqfcvq.ini
C:\WINDOWS\SYSTEM32\lfqbfdbf.ini
C:\WINDOWS\SYSTEM32\lgheybub.ini
C:\WINDOWS\SYSTEM32\mbfgcufn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\nhtnhgxe.ini
C:\WINDOWS\SYSTEM32\nkjiudpt.ini
C:\WINDOWS\SYSTEM32\nleywnuw.ini
C:\WINDOWS\SYSTEM32\nwuykavb.ini
C:\WINDOWS\SYSTEM32\omtdchks.ini
C:\WINDOWS\SYSTEM32\paupvbnv.ini
C:\WINDOWS\SYSTEM32\pbbnrvvp.ini
C:\WINDOWS\SYSTEM32\qajktnkg.ini
C:\WINDOWS\SYSTEM32\qeuanalg.ini
C:\WINDOWS\SYSTEM32\qrnorpvw.ini
C:\WINDOWS\SYSTEM32\qtvwa.ini
C:\WINDOWS\SYSTEM32\rlinefvw.ini
C:\WINDOWS\SYSTEM32\rxkcprhs.ini
C:\WINDOWS\SYSTEM32\sixacbom.ini
C:\WINDOWS\SYSTEM32\tbiaxuwr.ini
C:\WINDOWS\SYSTEM32\uahtalnb.ini
C:\WINDOWS\SYSTEM32\uvdfobiy.ini
C:\WINDOWS\SYSTEM32\vniuipef.ini
C:\WINDOWS\SYSTEM32\vsebmyxt.ini
C:\WINDOWS\SYSTEM32\wplgsrei.ini
C:\WINDOWS\SYSTEM32\xgulrxvi.ini
C:\WINDOWS\SYSTEM32\xtnqysyi.ini
C:\WINDOWS\SYSTEM32\ycbeg.ini
C:\WINDOWS\system32\yibofdvu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\_OTMoveIt
2008-02-04 21:33 . 2008-02-04 21:33 <DIR> d-------- C:\Deckard
2008-02-04 18:41 . 2008-02-04 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 16:54 . 2008-01-28 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 16:53 . 2008-02-04 15:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 16:53 . 2008-01-28 16:53 <DIR> d-------- C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com
2008-01-28 15:52 . 2008-01-28 15:52 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\2E24A38A-CD61-4270-8938-E75280F9090E.cxv
2008-01-28 11:54 . 2008-01-28 11:54 <DIR> d-------- C:\Documents and Settings\kim\Application Data\Grisoft
2008-01-28 11:53 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-28 11:52 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 09:59 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-28 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
2008-01-28 09:41 . 2008-01-28 09:41 156,160 --a------ C:\WINDOWS\SYSTEM32\D3.tmp
2008-01-27 00:30 . 2008-01-27 00:30 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\6123D187-1DFE-4405-B813-F17BEF579219.cxv
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-27 00:25 . 2008-01-27 00:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-25 00:19 . 2008-01-25 00:19 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 02:26 . 2008-01-28 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-24 02:19 . 2008-01-24 02:19 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 02:11 . 2008-01-24 02:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-01-24 02:07 . 2008-01-24 02:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 02:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\74c32015e95a4c429486495272
2008-01-24 02:01 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-01-24 02:01 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-01-24 02:01 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-01-24 01:58 . 2008-01-24 01:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 01:43 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-01-24 01:43 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-01-24 01:43 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-01-23 22:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
2008-01-23 21:58 . 2008-01-28 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-23 21:58 . 2008-01-28 09:50 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-23 21:58 . 2008-01-28 09:50 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-23 21:58 . 2008-01-28 09:50 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-13 21:07 . 2008-01-17 06:51 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-13 21:07 . 2008-01-17 06:51 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-13 21:07 . 2008-01-17 06:51 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-13 21:07 . 2008-01-17 06:51 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-13 20:10 . 2008-01-13 20:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-13 20:10 . 2008-01-28 19:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-10 18:23 . 2008-01-24 02:26 <DIR> d-------- C:\temp
2008-01-06 09:05 . 2008-01-06 09:05 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 04:14 --------- d-----w C:\Program Files\iTunes
2008-02-04 20:48 --------- d-----w C:\Program Files\Intel
2008-02-04 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-01 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-29 03:52 --------- d-----w C:\Documents and Settings\kim\Application Data\MSN6
2008-01-28 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 16:50 --------- d-----w C:\Program Files\FinePixViewer
2008-01-28 16:46 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-27 16:19 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 05:52 --------- d-----w C:\Program Files\CyberLink
2008-01-20 22:40 --------- d-----w C:\Program Files\QuickTime
2008-01-17 12:51 --------- d-----w C:\Program Files\Symantec
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 02:09 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-01-14 01:45 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 01:07 --------- d-----w C:\Program Files\Common Files\RuleSpace
2008-01-05 01:06 --------- d-----w C:\Program Files\Common Files\Aluria
2008-01-05 01:04 --------- d-----w C:\Program Files\Common Files\Authentium
2008-01-05 00:57 --------- d-----w C:\Program Files\Cox
2008-01-05 00:39 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 00:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 05:22 --------- d-----w C:\Documents and Settings\kim\Application Data\AVG7
2007-12-27 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\kim\Application Data\Yahoo!
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\kim\Application Data\Move Networks
2007-12-27 03:20 --------- d-----w C:\Program Files\IrfanView
2007-12-27 00:03 --------- d-----w C:\Program Files\REGSHAVE
2007-12-25 17:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-19 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-01-10 04:23 4 ----a-w C:\Documents and Settings\kim\controls.dat
2007-01-10 04:20 60,928 ----a-w C:\Documents and Settings\kim\jbfmod.dll
2007-01-10 04:20 161,280 ----a-w C:\Documents and Settings\kim\fmod.dll
2005-07-06 01:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
<pre>
----a-w		   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			51,048 2008-01-14 02:16:11  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w				 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w		   579,072 2007-12-26 23:24:55  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w			36,975 2007-12-26 23:24:48  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-14 21:34:52  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-14 21:34:54  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-14 21:34:58  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-14 21:35:05  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-14 21:35:04  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe
----a-w			53,248 2007-12-26 23:24:38  C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w		 1,310,720 2008-01-29 01:14:38  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   777,424 2007-12-26 23:24:33  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 4,670,704 2007-12-25 16:02:03  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w			15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2007-12-26 23:24:16  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w		   169,984 2007-12-26 23:23:04  C:\WINDOWS\SYSTEM32\LEXPPS .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-30 22:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-02-03 15:26:02 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 23:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 00:24:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-01-14 03:36:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kim.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 20:31:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-05 20:42:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-06 02:42:49
.
2008-01-25 12:35:51 --- E O F ---


Here's the HijackThis log done after ComboFix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:36 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\FinePixViewer\QuickDCF2.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122...es/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119759937815
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152062713078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9821 bytes

#10 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
RenV::
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\REGSHAVE\REGSHAVE .EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\WINDOWS\SYSTEM32\LEXPPS .EXE


3. Save the above as CFScript.txt

4. Then drag CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

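As an added illustration (this is not part of the thread and not ComboFix's own code), the script below reproduces the reasoning behind the RenV:: section of the CFScript above. On this machine legitimate startup executables were left with one or more spaces before the extension (for example "qttask .exe"), while the Run values in the registry still point at "qttask.exe", which ComboFix shows as "[ ]" (file not found). Win32 only trims whitespace at the very end of a file name, so "qttask .exe" is a valid, distinct file that merely looks like the real one. The script parses a ComboFix-style file listing, computes the canonical name for every padded file, and flags the cases where a blind rename would be wrong: thirteen qttask copies competing for one destination, a zero-byte avgas copy, and a destination that is already occupied. The sample listing and Run-key lines are constructed from the log in this thread; the plain "hkcmd.exe" line is hypothetical, added only to exercise the "already exists" case.

```python
"""Added example (not from the post or from ComboFix): the reasoning behind
the RenV:: section of the CFScript above. Padded names such as "qttask .exe"
are valid, distinct Win32 files; a rename back to "qttask.exe" is only safe
when exactly one non-empty copy exists and the destination is free.
"""
import re
from collections import defaultdict

# Constructed sample drawn from the listing in the post above (three of the
# thirteen qttask variants are enough to show the collision). The plain
# "hkcmd.exe" line is hypothetical, added only to exercise the 'exists' case.
SAMPLE_LISTING = r"""
----a-w           185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w                 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w           282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask     .exe
----a-w           282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe
----a-w            15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w           126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd.exe
"""

# Constructed sample of the 'Reg Loading Points' section. "[ ]" after a
# value is how ComboFix marks a Run entry whose target file was not found.
SAMPLE_RUN_KEYS = r"""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"""

LISTING_RE = re.compile(
    r'^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+'
    r'(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>\S.*\S)\s*$')
# whitespace between the stem and the extension, which Win32 does not strip
PADDED_RE = re.compile(r'^(?P<stem>.*?\S)(?P<pad>[ \t]+)(?P<ext>\.[A-Za-z0-9]+)$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[\s*\]$')


def canonical_name(path):
    """Return (path with the padding removed, pad length), or None if not padded."""
    directory, sep, name = path.rpartition('\\')
    m = PADDED_RE.match(name)
    if not m:
        return None
    return directory + sep + m.group('stem') + m.group('ext'), len(m.group('pad'))


def parse_listing(text):
    """Parse 'attrs size date time path' lines into {'path', 'size'} dicts."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line)
        if m:
            entries.append({'path': m.group('path'),
                            'size': int(m.group('size').replace(',', ''))})
    return entries


def plan_renames(entries):
    """Map each canonical path to an action and the padded copies behind it.

    'rename'    one padded copy, non-empty, destination free: safe to RenV
    'collision' several padded copies want the same destination
    'exists'    destination already occupied by a real file
    'empty'     the padded copy is zero bytes, nothing worth restoring
    """
    present = {e['path'].casefold() for e in entries}   # NTFS paths are case-insensitive
    groups = defaultdict(list)
    for e in entries:
        c = canonical_name(e['path'])
        if c:
            groups[c[0]].append(e)
    plan = {}
    for target, sources in groups.items():
        if target.casefold() in present:
            action = 'exists'
        elif len(sources) > 1:
            action = 'collision'
        elif sources[0]['size'] == 0:
            action = 'empty'
        else:
            action = 'rename'
        plan[target] = {'action': action, 'sources': [s['path'] for s in sources]}
    return plan


def missing_run_targets(reg_text):
    """Run values ComboFix marked '[ ]' (target not found), as name -> path."""
    out = {}
    for line in reg_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and m.group('path'):
            out[m.group('name')] = m.group('path')
    return out


def run_entries_fixed_by(plan, missing):
    """Names of missing Run targets that a planned 'rename' would restore."""
    restored = {t.casefold() for t, p in plan.items() if p['action'] == 'rename'}
    return sorted(n for n, path in missing.items() if path.casefold() in restored)


if __name__ == '__main__':
    plan = plan_renames(parse_listing(SAMPLE_LISTING))
    for target, info in plan.items():
        print(f"{info['action']:<9} {target}  <- {len(info['sources'])} padded copy/copies")
    missing = missing_run_targets(SAMPLE_RUN_KEYS)
    print('Run values still broken after renames:',
          sorted(set(missing) - set(run_entries_fixed_by(plan, missing))))
```

The point of the collision check is the QuickTime case in this log: thirteen "qttask" copies all want the name qttask.exe, so a rename can restore at most one of them and the others need quarantining, and the Run value for "QuickTime Task" stays broken until that is sorted out. The zero-byte avgas copy is the other trap: renaming it back produces a 0-byte avgas.exe, not a working AVG Anti-Spyware.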


#11 khuggi4 (Topic Starter, Member, 18 posts)
Do I click OK in the Run box?

#12 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
yes

#13 khuggi4 (Topic Starter, Member, 18 posts)
Combofix log:

ComboFix 08-02.05.3 - kim 2008-02-05 21:30:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.59 [GMT -6:00]
Running from: C:\Documents and Settings\kim\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\kim\Desktop\CFScript.txt.lnk
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\_OTMoveIt
2008-02-04 21:33 . 2008-02-04 21:33 <DIR> d-------- C:\Deckard
2008-02-04 18:41 . 2008-02-04 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 16:54 . 2008-01-28 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 16:53 . 2008-02-04 15:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 16:53 . 2008-01-28 16:53 <DIR> d-------- C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com
2008-01-28 15:52 . 2008-01-28 15:52 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\2E24A38A-CD61-4270-8938-E75280F9090E.cxv
2008-01-28 11:54 . 2008-01-28 11:54 <DIR> d-------- C:\Documents and Settings\kim\Application Data\Grisoft
2008-01-28 11:53 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-28 11:52 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 09:59 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-28 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
2008-01-28 09:41 . 2008-01-28 09:41 156,160 --a------ C:\WINDOWS\SYSTEM32\D3.tmp
2008-01-27 00:30 . 2008-01-27 00:30 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\6123D187-1DFE-4405-B813-F17BEF579219.cxv
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-27 00:25 . 2008-01-27 00:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-25 00:19 . 2008-01-25 00:19 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 02:26 . 2008-01-28 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-24 02:19 . 2008-01-24 02:19 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 02:11 . 2008-01-24 02:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-01-24 02:07 . 2008-01-24 02:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 02:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\74c32015e95a4c429486495272
2008-01-24 02:01 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-01-24 02:01 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-01-24 02:01 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-01-24 01:58 . 2008-01-24 01:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 01:43 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-01-24 01:43 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-01-24 01:43 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-01-23 22:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
2008-01-23 21:58 . 2008-01-28 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-23 21:58 . 2008-01-28 09:50 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-23 21:58 . 2008-01-28 09:50 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-23 21:58 . 2008-01-28 09:50 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-13 21:07 . 2008-01-17 06:51 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-13 21:07 . 2008-01-17 06:51 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-13 21:07 . 2008-01-17 06:51 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-13 21:07 . 2008-01-17 06:51 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-13 20:10 . 2008-01-13 20:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-13 20:10 . 2008-01-28 19:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-10 18:23 . 2008-01-24 02:26 <DIR> d-------- C:\temp
2008-01-06 09:05 . 2008-01-06 09:05 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 04:14 --------- d-----w C:\Program Files\iTunes
2008-02-04 20:48 --------- d-----w C:\Program Files\Intel
2008-02-04 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-01 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-29 03:52 --------- d-----w C:\Documents and Settings\kim\Application Data\MSN6
2008-01-28 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 16:50 --------- d-----w C:\Program Files\FinePixViewer
2008-01-28 16:46 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-27 16:19 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 05:52 --------- d-----w C:\Program Files\CyberLink
2008-01-20 22:40 --------- d-----w C:\Program Files\QuickTime
2008-01-17 12:51 --------- d-----w C:\Program Files\Symantec
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 02:09 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-01-14 01:45 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 01:07 --------- d-----w C:\Program Files\Common Files\RuleSpace
2008-01-05 01:06 --------- d-----w C:\Program Files\Common Files\Aluria
2008-01-05 01:04 --------- d-----w C:\Program Files\Common Files\Authentium
2008-01-05 00:57 --------- d-----w C:\Program Files\Cox
2008-01-05 00:39 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 00:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 05:22 --------- d-----w C:\Documents and Settings\kim\Application Data\AVG7
2007-12-27 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\kim\Application Data\Yahoo!
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\kim\Application Data\Move Networks
2007-12-27 03:20 --------- d-----w C:\Program Files\IrfanView
2007-12-27 00:03 --------- d-----w C:\Program Files\REGSHAVE
2007-12-26 23:24 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-26 23:24 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-26 23:23 169,984 ----a-w C:\WINDOWS\SYSTEM32\LEXPPS .EXE
2007-12-25 17:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-25 15:57 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-19 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-01-10 04:23 4 ----a-w C:\Documents and Settings\kim\controls.dat
2007-01-10 04:20 60,928 ----a-w C:\Documents and Settings\kim\jbfmod.dll
2007-01-10 04:20 161,280 ----a-w C:\Documents and Settings\kim\fmod.dll
2005-07-06 01:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
----a-w		   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			51,048 2008-01-14 02:16:11  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w				 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w		   579,072 2007-12-26 23:24:55  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w			36,975 2007-12-26 23:24:48  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-14 21:34:52  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-14 21:34:54  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-14 21:34:58  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-14 21:35:05  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-14 21:35:04  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe
----a-w			53,248 2007-12-26 23:24:38  C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w		 1,310,720 2008-01-29 01:14:38  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   777,424 2007-12-26 23:24:33  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 4,670,704 2007-12-25 16:02:03  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w			15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2007-12-26 23:24:16  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w		   169,984 2007-12-26 23:23:04  C:\WINDOWS\SYSTEM32\LEXPPS .EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-30 22:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-02-03 15:26:02 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 23:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 00:24:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-01-14 03:36:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kim.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 21:35:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 21:39:04
ComboFix-quarantined-files.txt 2008-02-06 03:38:57
ComboFix2.txt 2008-02-06 02:42:57
.
2008-01-25 12:35:51 --- E O F ---




HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:56 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\FinePixViewer\QuickDCF2.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122...es/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119759937815
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152062713078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9840 bytes

#14 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
That log is the first log that ComboFix produced.
Could you please look in this location, C:\Combofix.txt, to see if there is another log there? If you open it up, it should have this as the header: File::

#15 khuggi4 (Topic Starter, Member, 18 posts)
This is the other one, which you gave me to run.
File::
C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
RenV::
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\REGSHAVE\REGSHAVE .EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\WINDOWS\SYSTEM32\LEXPPS .EXE