
Softwarereferral bug


This topic is locked

#1
Lazarusfive (New Member, 5 posts)
Please help me with this.

Thanx,
L5


Deckard's System Scanner v20071014.68
Run by Pete on 2008-02-07 11:43:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-02-07 19:43:58 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-02-07 16:38:52 UTC - RP4 - Windows Defender Checkpoint
3: 2008-02-07 08:59:33 UTC - RP3 - Installed Trend Micro Internet Security
2: 2008-02-07 08:43:32 UTC - RP2 - Removed Ad-Aware 2007
1: 2008-02-07 07:28:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Pete.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:15 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Pete\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pete.exe
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GN-WIAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O21 - SSODL: afxlspw - {A3F9AB44-9D61-46A8-B5F0-585A8FEC3D2F} - C:\WINDOWS\afxlspw.dll
O21 - SSODL: bfrgnos - {3C6FDAE4-AC76-416D-986D-1A7B224DF033} - C:\WINDOWS\bfrgnos.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11254 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080207-111558-409 O2 - BHO: SXG Advisor - {1C28A9A9-8704-4F4A-93B9-7983115F6E10} - C:\WINDOWS\dwrmntslwx.dll
backup-20080207-111558-678 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
backup-20080207-111559-271 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080207-111559-471 O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
backup-20080207-111600-118 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
backup-20080207-111600-208 O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
backup-20080207-111600-370 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080207-111600-406 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
backup-20080207-111600-695 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080207-111600-941 O3 - Toolbar: edfqvrw - {2E7789D2-AEF7-45BE-8CBF-2CEF5EF9F03B} - C:\WINDOWS\edfqvrw.dll
backup-20080207-111600-948 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080207-111603-424 O21 - SSODL: afxlspw - {8378DF92-D82D-490E-9548-398DC31E3CCF} - C:\WINDOWS\afxlspw.dll
backup-20080207-111604-366 O21 - SSODL: bfrgnos - {5224958F-4C69-479E-BC07-F15562941681} - C:\WINDOWS\bfrgnos.dll
backup-20080207-111604-427 O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
backup-20080207-111604-513 O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows ® 2000/XP>
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>

S1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\pete\desktop\vcdrom.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 MovRVDrv32 - c:\windows\system32\drivers\movrvdrv32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 usbbus (LGE CDMA Composite USB Device) - c:\windows\system32\drivers\lgusbbus.sys (file missing)
S3 UsbDiag (LGE CDMA USB Serial Port) - c:\windows\system32\drivers\lgusbdiag.sys (file missing)
S3 USBModem (LGE CDMA USB Modem) - c:\windows\system32\drivers\lgusbmodem.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-07 11:22:57 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-01-07 and 2008-02-07 -----------------------------

2008-02-07 01:00:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-07 00:59:39 0 d-------- C:\Program Files\Trend Micro
2008-02-06 11:58:14 204800 --a------ C:\WINDOWS\edfqvrw.dll <Not Verified; ; edfqvrw Module>
2008-02-06 11:58:14 294912 --a------ C:\WINDOWS\bfrgnos.dll
2008-02-06 11:58:14 241664 --a------ C:\WINDOWS\afxlspw.dll <Not Verified; ; afxlspw>
2008-01-23 01:05:04 0 d-------- C:\Documents and Settings\Pete\browser - logitech
2008-01-23 01:04:27 0 d-------- C:\Documents and Settings\Pete\logitech
2008-01-23 01:02:41 0 d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-01-23 01:02:29 0 d-------- C:\Program Files\Logitech
2008-01-23 01:02:22 0 d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-01-18 16:56:36 0 d-------- C:\Program Files\LG Data Transfer
2008-01-09 02:00:17 0 d-------- C:\Documents and Settings\All Users\Application Data\SeekmoSA
2008-01-09 02:00:17 0 d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-01-09 01:59:59 0 d-------- C:\Program Files\Seekmo
2008-01-09 01:59:17 0 d-------- C:\Program Files\ShoppingReport
2008-01-09 01:59:17 0 d-------- C:\Documents and Settings\Pete\Application Data\ShoppingReport


-- Find3M Report ---------------------------------------------------------------

2008-02-07 11:21:41 0 d-------- C:\Documents and Settings\Pete\Application Data\tunebite
2008-02-07 11:20:08 318 --a------ C:\WINDOWS\system32\wacom.dat
2008-02-07 00:43:58 0 d-------- C:\Program Files\Lavasoft
2008-02-04 17:18:14 0 d-------- C:\Documents and Settings\Pete\Application Data\Adobe
2008-02-04 12:05:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-23 01:02:41 0 d-------- C:\Program Files\Common Files
2008-01-23 01:02:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-22 08:14:35 0 d-------- C:\Documents and Settings\Pete\Application Data\AdobeUM
2008-01-17 03:01:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-17 03:00:58 0 d-------- C:\Documents and Settings\Pete\Application Data\Symantec
2008-01-11 20:27:32 0 d-------- C:\Program Files\Symantec
2008-01-02 00:16:29 0 d-------- C:\Program Files\Google
2007-12-30 20:18:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-21 21:40:01 0 d-------- C:\Program Files\Verizon Wireless
2007-12-18 10:33:46 0 d-------- C:\Program Files\RegScrubXP
2007-12-16 19:20:53 0 d-------- C:\Program Files\Palm
2007-12-15 19:27:12 0 d-------- C:\Documents and Settings\Pete\Application Data\Canon
2007-12-14 17:11:54 0 d-------- C:\Documents and Settings\Pete\Application Data\Skype
2007-12-13 12:19:50 0 d-------- C:\Documents and Settings\Pete\Application Data\Snapfish
2007-12-13 12:19:42 3595 --a----c- C:\WINDOWS\mozver.dat
2007-12-12 21:37:12 0 d-------- C:\Program Files\iTunes
2007-12-12 21:36:56 0 d-------- C:\Program Files\iPod
2007-12-12 21:29:15 0 d-------- C:\Program Files\QuickTime
2007-12-09 22:46:01 0 d-------- C:\Program Files\AIM6
2007-12-09 22:41:38 0 d-------- C:\Program Files\Viewpoint
2007-11-09 22:57:40 294 --a------ C:\WINDOWS\aikconf.dat
2007-11-09 22:18:54 1 --a------ C:\WINDOWS\system32\exp16sys.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [05/14/2003 05:20 AM C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/12/2003 08:10 PM]
"CHotkey"="mHotkey.exe" [12/26/2001 01:12 PM C:\WINDOWS\mHotkey.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [04/24/2003 08:51 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/24/2003 08:44 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 AM]
"HostManager"="C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe" [05/09/2006 04:24 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 08:59 AM]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [03/25/2003 10:13 AM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [02/27/2003 03:36 AM]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [02/26/2003 03:50 PM]
"CTHelper"="CTHELPER.EXE" [12/08/2005 11:06 AM C:\WINDOWS\CTHELPER.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/23/2005 11:08 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/03/2003 07:29 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 01:34 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [01/21/2008 12:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 07:20 AM]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [07/14/2006 12:54 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 05:47 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Pete\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/10/2006 7:18:46 AM]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [7/18/2002 11:58:46 AM]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [12/21/2007 9:40:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 12:19:50 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/10/2006 7:18:46 AM]
GN-WIAG Utility.lnk - C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe [7/10/2006 12:09:08 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/4/2007 8:37:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/23/2005 11:28:44 PM]
TabUserW.lnk - C:\Program Files\Wacom\TabUserW.exe [7/18/2006 4:43:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"afxlspw"= {A3F9AB44-9D61-46A8-B5F0-585A8FEC3D2F} - C:\WINDOWS\afxlspw.dll [02/05/2008 07:30 PM 241664]
"bfrgnos"= {3C6FDAE4-AC76-416D-986D-1A7B224DF033} - C:\WINDOWS\bfrgnos.dll [02/05/2008 07:30 PM 294912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-02-07 11:53:37 ------------
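The log above is worth reading for one pattern in particular. The two O21 SSODL entries (afxlspw.dll and bfrgnos.dll, dropped directly in C:\WINDOWS on 2008-02-06, both unverified) appear again in the HijackThis Fixed Entries backups, but with different CLSIDs from the ones in the live scan: the registry values were removed once and came straight back under new GUIDs, because the DLLs and whatever re-creates the values were never touched. ShellServiceObjectDelayLoad objects are loaded by Explorer at every logon, so this is a robust persistence point, and the registry dump also shows Task Manager disabled by policy (DisableTaskMgr=1). The Python below is an added example, not part of the post and not anything HijackThis or DSS does itself: it parses a few constructed lines in the shape of this log and flags exactly that pattern. The vowel-ratio "random name" heuristic, the trusted-URL prefix allowlist and the finding categories are the example's own assumptions.

```python
"""Triage a HijackThis / DSS log for the SSODL re-registration pattern.

Constructed sample lines copied in shape from the posted log; the vowel-ratio
"random name" heuristic, the trusted-URL prefix list and the finding categories
are this example's own assumptions, not anything HijackThis itself does.
"""
import re
from collections import defaultdict

# Constructed sample: the lines that matter, in the shapes HijackThis/DSS print them.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O21 - SSODL: afxlspw - {A3F9AB44-9D61-46A8-B5F0-585A8FEC3D2F} - C:\WINDOWS\afxlspw.dll
O21 - SSODL: bfrgnos - {3C6FDAE4-AC76-416D-986D-1A7B224DF033} - C:\WINDOWS\bfrgnos.dll
backup-20080207-111558-409 O2 - BHO: SXG Advisor - {1C28A9A9-8704-4F4A-93B9-7983115F6E10} - C:\WINDOWS\dwrmntslwx.dll
backup-20080207-111603-424 O21 - SSODL: afxlspw - {8378DF92-D82D-490E-9548-398DC31E3CCF} - C:\WINDOWS\afxlspw.dll
backup-20080207-111604-366 O21 - SSODL: bfrgnos - {5224958F-4C69-479E-BC07-F15562941681} - C:\WINDOWS\bfrgnos.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"""

# O2/O3/O21 lines, with or without the "backup-<stamp>" prefix of the Fixed Entries section.
COM_RE = re.compile(
    r"^(?:(?P<backup>backup-\S+)\s+)?(?P<sec>O2|O3|O21) - (?P<kind>\w+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)(?: \(file missing\))?$"
)
# R0-R3 lines: "<hive>\...\Main,<value> = <url>".
URL_RE = re.compile(r"^(?P<sec>R[0-3]) - (?P<key>.+?),(?P<value>.+?) = (?P<url>.+)$")
TRUSTED_URL_PREFIXES = ("http://go.microsoft", "http://www.microsoft")  # assumption
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): 6+ all-lowercase letters with few vowels, like afxlspw."""
    if not (stem.isalpha() and stem.islower() and len(stem) >= 6):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.25


def in_windows_root(path: str) -> bool:
    """True for a file sitting directly in the Windows directory, not a subdirectory."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and parts[:2] == ["c:", "windows"]


def triage(log_text: str) -> dict:
    """Return findings by category for one HijackThis/DSS log."""
    findings = {"ssodl": [], "reregistered": [], "hijacked_url": [], "policy": []}
    current = {}              # (section, path) -> CLSID still registered
    fixed = defaultdict(set)  # path -> CLSIDs HijackThis removed earlier
    reg_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_RE.match(line)
        if m:
            path = m["path"].lower()
            clsid = m["clsid"].upper()
            if m["backup"]:
                fixed[path].add(clsid)
                continue
            current[(m["sec"], path)] = clsid
            stem = m["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if m["sec"] == "O21" and in_windows_root(path) and looks_random(stem):
                findings["ssodl"].append(f"{m['path']} loaded by Explorer via SSODL {{{clsid}}}")
            continue
        m = URL_RE.match(line)
        if m:
            if not m["url"].startswith(TRUSTED_URL_PREFIXES):
                findings["hijacked_url"].append(f"{m['value']} -> {m['url']}")
            continue
        if line.startswith("[") and line.endswith("]"):
            reg_key = line[1:-1].lower()  # registry dump section: remember the current key
        elif reg_key and reg_key.endswith(r"\policies\system") and line.startswith('"DisableTaskMgr"=1'):
            findings["policy"].append("Task Manager disabled by DisableTaskMgr=1 under HKCU policies\\system")
    # Same DLL path fixed before and present again under a new CLSID: the registry
    # value was removed but the file (and whatever re-creates the value) was not,
    # so the persistence came straight back.
    for (sec, path), clsid in current.items():
        if path in fixed and clsid not in fixed[path]:
            findings["reregistered"].append(
                f"{sec} {path}: now {{{clsid}}}, previously fixed as {sorted(fixed[path])}"
            )
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(f"[{category}] {item}")
```

Run against the sample it reports both SSODL DLLs as suspicious, both as re-registered after the earlier fix, the softwarerefer start page, and the Task Manager policy. The practical lesson is the "reregistered" category: when a fixed entry reappears with a fresh GUID, deleting the registry value again is pointless until the DLL on disk and the component that rewrites the value are removed.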

#2
RatHat (Ex Malware Expert, 7,829 posts)
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please post me an Uninstall List from HijackThis:
  • Re-Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please uninstall the following programs if found:


Viewpoint (Anything that has Viewpoint in the name)
SeekMo
ShoppingReport

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O21 - SSODL: afxlspw - {A3F9AB44-9D61-46A8-B5F0-585A8FEC3D2F} - C:\WINDOWS\afxlspw.dll
O21 - SSODL: bfrgnos - {3C6FDAE4-AC76-416D-986D-1A7B224DF033} - C:\WINDOWS\bfrgnos.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Download ComboFix from Here, Here or Here to your Desktop. (If you already have ComboFix, please delete it and download this new version).

When asked to "Save As" save Combofix.exe as Combo-Fix.exe
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Save this log to your desktop as Combofix.txt and post it in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include:
  • The HijackThis Uninstall list
  • The contents of Combofix.txt
  • The Kaspersky log (you may need to include this in a separate post if it is very long)
  • A fresh HijackThis log taken after completing all of the above.
And let me know how your computer is behaving now.

Regards,
RatHat

#3
Lazarusfive (Topic Starter, New Member, 5 posts)
I followed the instructions and nothing has changed. The Kaspersky scan found quite a bit, but there was no option to fix what it had found.

HIJACK THIS UNINSTALL LIST:

Adobe Acrobat 6.0 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avanquest update
CheckIt Diagnostics
Creative Audio Console
Creative Commons Add-in for Microsoft Office
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
DVD Decrypter (Remove Only)
Easy CD & DVD Creator 6
EPSON Printer Software
e-Sword
Gigabyte GN-WIAG 802.11g WLan
Google Earth
Google Talk (remove only)
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet 6900 series
HP Extended Capabilities 6.0
HP Imaging Device Functions 6.0
HP Photosmart Essential
HP Solution Center and Imaging Support Tools 6.0
HP Update
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
jetAudio
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Harmony Remote Software 7
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveX Control Pad
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9
Microsoft Digital Image Pro 9
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.11)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia / Internet Keyboard Driver VerR8.15
MySpaceIM
OCR Software by I.R.I.S 7.0
Palm Desktop
PerformanceTest v6.0
Pinnacle Hollywood FX 5
QuickTime
Quivic
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit Ethenet NIC Driver Setup
RegScrubXP 3.25
Remote Control USB Driver
Roxio DVDMAX Player
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Smart Link 56K Modem
Sony DVD Architect Studio 3.0b
Sony Vegas Movie Studio 6.0
Studio 9
Studio 9.1 Patch
Studio Content DVD
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Trend Micro Internet Security
Trend Micro Internet Security
tunebite 3.0.1.8
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
V CAST Music Manager
Viewpoint Media Player
Wacom Tablet Driver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)



COMBOFIX:

ComboFix 08-02.05.3 - Pete 2008-02-08 14:48:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.457 [GMT -8:00]
Running from: C:\Documents and Settings\Pete\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf_update.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\Documents and Settings\Pete\Application Data\FunWebProducts
C:\Documents and Settings\Pete\Application Data\FunWebProducts\Data\Pete\avatar.dat
C:\Documents and Settings\Pete\Application Data\FunWebProducts\Data\Pete\register.dat
C:\Documents and Settings\Pete\Application Data\macromedia\Flash Player\#SharedObjects\PGWD7QPA\www.broadcaster.com
C:\Documents and Settings\Pete\Application Data\macromedia\Flash Player\#SharedObjects\PGWD7QPA\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Pete\Application Data\macromedia\Flash Player\#SharedObjects\PGWD7QPA\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Pete\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Pete\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Pete\Application Data\ShoppingReport
C:\Documents and Settings\Pete\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Pete\Desktop\Error Cleaner.url
C:\Documents and Settings\Pete\Desktop\Privacy Protector.url
C:\Documents and Settings\Pete\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Pete\Favorites\Error Cleaner.url
C:\Documents and Settings\Pete\Favorites\Privacy Protector.url
C:\Documents and Settings\Pete\Favorites\Spyware&Malware Protection.url
C:\Program Files\seekmo
C:\Program Files\seekmo\bin\10.0.406.0\SeekmoSADF.exe
C:\Program Files\seekmo\bin\10.0.406.0\SeekmoSAHook.dll
C:\Program Files\ShoppingReport
C:\WINDOWS\dat.txt
C:\WINDOWS\edfqvrw.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\exp16sys.dll

----- BITS: Possible infected sites -----

hxxp://58.65.234.25
hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-08 14:45 . 2008-02-08 14:45 <DIR> d-------- C:\ComboFix
2008-02-08 14:45 . 2008-02-08 14:45 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-02-08 13:27 . 2008-02-08 14:10 <DIR> d-------- C:\xpsp2
2008-02-08 13:26 . 2008-02-08 13:27 <DIR> d-------- C:\xpcd
2008-02-07 14:08 . 2008-02-07 15:37 <DIR> d-------- C:\SDFix
2008-02-07 11:42 . 2008-02-07 11:42 <DIR> d-------- C:\Deckard
2008-02-07 01:02 . 2007-09-11 11:55 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-02-07 01:02 . 2007-09-11 11:55 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-02-07 01:00 . 2008-02-07 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-07 00:59 . 2008-02-07 11:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 16:34 . 2007-09-11 11:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-06 11:58 . 2008-02-05 19:30 294,912 --a------ C:\WINDOWS\bfrgnos.dll
2008-02-06 11:58 . 2008-02-05 19:30 241,664 --a------ C:\WINDOWS\afxlspw.dll
2008-01-23 01:05 . 2008-02-03 22:30 <DIR> d-------- C:\Documents and Settings\Pete\browser - logitech
2008-01-23 01:04 . 2008-01-23 01:04 <DIR> d-------- C:\Documents and Settings\Pete\logitech
2008-01-23 01:02 . 2008-01-23 01:02 <DIR> d-------- C:\Program Files\Logitech
2008-01-23 01:02 . 2008-01-23 01:02 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-01-23 01:02 . 2008-01-23 01:04 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-01-18 16:56 . 2008-01-18 19:10 <DIR> d-------- C:\Program Files\LG Data Transfer
2008-01-09 02:00 . 2008-01-09 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-08 20:50 --------- d-----w C:\Documents and Settings\Pete\Application Data\tunebite
2008-02-08 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-08 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-07 08:43 --------- d-----w C:\Program Files\Lavasoft
2008-02-07 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 20:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 09:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 16:14 --------- d-----w C:\Documents and Settings\Pete\Application Data\AdobeUM
2008-01-17 11:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 11:00 --------- d-----w C:\Documents and Settings\Pete\Application Data\Symantec
2008-01-17 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 04:27 --------- d-----w C:\Program Files\Symantec
2008-01-02 08:16 --------- d-----w C:\Program Files\Google
2007-12-22 05:40 --------- d-----w C:\Program Files\Verizon Wireless
2007-12-18 18:33 --------- d-----w C:\Program Files\RegScrubXP
2007-12-17 03:20 --------- d-----w C:\Program Files\Palm
2007-12-16 03:27 --------- d-----w C:\Documents and Settings\Pete\Application Data\Canon
2007-12-15 01:11 --------- d-----w C:\Documents and Settings\Pete\Application Data\Skype
2007-12-15 01:06 513,152 ----a-w C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2007-12-15 01:06 3,768 ----a-w C:\WINDOWS\system32\drivers\MovRVDrv32.sys
2007-12-13 20:19 --------- d-----w C:\Documents and Settings\Pete\Application Data\Snapfish
2007-12-13 05:37 --------- d-----w C:\Program Files\iTunes
2007-12-13 05:36 --------- d-----w C:\Program Files\iPod
2007-12-13 05:29 --------- d-----w C:\Program Files\QuickTime
2007-12-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\YesVideo
2007-12-10 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-10 06:46 --------- d-----w C:\Program Files\AIM6
2007-04-10 00:39 92,064 ----a-w C:\Documents and Settings\Pete\mqdmmdm.sys
2007-04-10 00:39 9,232 ----a-w C:\Documents and Settings\Pete\mqdmmdfl.sys
2007-04-10 00:39 79,328 ----a-w C:\Documents and Settings\Pete\mqdmserd.sys
2007-04-10 00:39 66,656 ----a-w C:\Documents and Settings\Pete\mqdmbus.sys
2007-04-10 00:39 6,208 ----a-w C:\Documents and Settings\Pete\mqdmcmnt.sys
2007-04-10 00:39 5,936 ----a-w C:\Documents and Settings\Pete\mqdmwhnt.sys
2007-04-10 00:39 4,048 ----a-w C:\Documents and Settings\Pete\mqdmcr.sys
2007-04-10 00:39 25,600 ----a-w C:\Documents and Settings\Pete\usbsermptxp.sys
2007-04-10 00:39 22,768 ----a-w C:\Documents and Settings\Pete\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [2006-07-14 12:54 1957977]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 17:47 8720384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 05:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 20:10 335872]
"CHotkey"="mHotkey.exe" [2001-12-26 13:12 472576 C:\WINDOWS\mHotkey.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 08:51 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 08:44 610304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-03-25 10:13 69632]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 03:36 757760]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 15:50 253952]
"CTHelper"="CTHELPER.EXE" [2005-12-08 11:06 16384 C:\WINDOWS\CTHELPER.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 23:08 49152]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-03 19:29 50688]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:34 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 17:47 8720384]

C:\Documents and Settings\Pete\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 07:18:46 110592]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2002-07-18 11:58:46 299008]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-21 21:40:03 951640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 07:18:46 110592]
GN-WIAG Utility.lnk - C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe [2006-07-10 00:09:08 1765376]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-04 20:37:26 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-23 23:28:44 282624]
TabUserW.lnk - C:\Program Files\Wacom\TabUserW.exe [2006-07-18 16:43:15 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bfrgnos"= {DBA22AE8-DC29-460B-BCE0-5DDFBC1323BB} - C:\WINDOWS\bfrgnos.dll [2008-02-05 19:30 294912]
"afxlspw"= {5A5EB878-5790-4585-9BE6-7CBDF710B3DD} - C:\WINDOWS\afxlspw.dll [2008-02-05 19:30 241664]

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Pete\Desktop\VCdRom.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 17:06]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\WG511ICB.sys [2004-03-22 15:50]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-12-14 17:06]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 04:15:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 14:53:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 14:57:08
ComboFix-quarantined-files.txt 2008-02-08 22:57:04
.
2008-02-08 20:51:25 --- E O F ---


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 08, 2008 7:55:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/02/2008
Kaspersky Anti-Virus database records: 555663
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 111137
Number of viruses found: 15
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 04:34:02

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/Script Infected: not-a-virus:AdWare.Win32.Vapsup.avw skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ave skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Vapsup.avf skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/data0005 Infected: not-a-virus:AdWare.Win32.Vapsup.avg skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/data0006 Infected: not-a-virus:AdWare.Win32.Vapsup.avh skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.avi skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream/data0009 Infected: not-a-virus:AdWare.Win32.Vapsup.avj skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.avj skipped
C:\Deckard\System Scanner\20080207124122\backup\DOCUME~1\Pete\LOCALS~1\Temp\BIT412.tmp NSIS: infected - 8 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00d8065a351285528ae2ffd215cebb1c_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\10be74aaf6c4bd6b0c8f6bbda3fdf7ad_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\139a26d1681111b28b83a4934844be30_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1473a13ef5da0232a15f359364f76cb9_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44e7bda0a270f9ca59a18aacedbda87d_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50d77f5c31f6a3587a5ccae3e5114ed0_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5caecc4bdc4ee11cc597ecdf1a7ab3a1_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\687a5bc3eb9c61d675e0e296f4d28ef5_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f7a7f827cb18e33860ef03456f3d7e1_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7254b8019dff9ecacf527874e5e244de_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7351fab778f501727121965dd42ec140_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7824a037537478f1a53b17dfcfa11d19_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7bfc0405dcf6684bf0ba9e7286ef676e_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94f5ffd0314162be84f341e103d746d5_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a44b9d87b2013ea9cef5572d38fc436a_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6b690dfa26caaf21781b462f583b524_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf1782c66bc724acd3e3354b9ae3dd02_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cba80b2f7efd7b43f5494c06875e13ca_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d264178e26a9e0439b95e55d71ac4d3d_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4482ed4e720e9305f37c2e90eadea02_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da2bf8bf83b6824e9200d80b1258b165_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e60b0dced10b367118f2918e80514ba2_84e67c48-e5de-46d5-811b-ba210b51315b Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12102006-175701.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Zune\ZuneNSSStore.sdf Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\Advanced Invisible Keylogger.exe.bac_a05144 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144/Crack/Advanced Invisible Keylogger.exe Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144/Setup.exe/stream/data0005 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144/Setup.exe/stream/data0006 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144/Setup.exe/stream/data0007 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.24 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144/Setup.exe/stream Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.24 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144/Setup.exe Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.24 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144 RAR: infected - 6 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05144 CryptFF.b: infected - 6 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292/Crack/Advanced Invisible Keylogger.exe Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292/Setup.exe/stream/data0005 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292/Setup.exe/stream/data0006 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.15 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292/Setup.exe/stream/data0007 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.24 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292/Setup.exe/stream Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.24 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292/Setup.exe Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.24 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292 RAR: infected - 6 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\HTG.rar.bac_a05292 CryptFF.b: infected - 6 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\kslogger.exe.bac_a05144 Infected: Trojan-Spy.Win32.KeyLogger.qm skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\ksLogger.zip.bac_a05144/sys007s.exe Infected: Trojan-Spy.Win32.KeyLogger.qm skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\ksLogger.zip.bac_a05144/Sys007dll.dll Infected: Trojan-Spy.Win32.KeyLogger.qm skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\ksLogger.zip.bac_a05144/kslogger.exe Infected: Trojan-Spy.Win32.KeyLogger.qm skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\ksLogger.zip.bac_a05144 ZIP: infected - 3 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\ksLogger.zip.bac_a05144 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\Sys007dll.dll.bac_a05144 Infected: Trojan-Spy.Win32.KeyLogger.qm skipped
C:\Documents and Settings\Pete\.housecall6.6\Quarantine\sys007s.exe.bac_a05144 Infected: Trojan-Spy.Win32.KeyLogger.qm skipped
C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\cert8.db Object is locked skipped
C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\history.dat Object is locked skipped
C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\key3.db Object is locked skipped
C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\parent.lock Object is locked skipped
C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Pete\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Pete\Application Data\MySpace\IM\Logs\MySpaceIM-20080207-201730.log Object is locked skipped
C:\Documents and Settings\Pete\Application Data\MySpace\IM\SkypeCache\myspace#3alazarusfive\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Pete\Application Data\MySpace\IM\SkypeCache\myspace#3alazarusfive\index2.dat Object is locked skipped
C:\Documents and Settings\Pete\Application Data\MySpace\IM\SkypeCache\myspace#3alazarusfive\profile256.dbb Object is locked skipped
C:\Documents and Settings\Pete\Application Data\MySpace\IM\SkypeCache\myspace#3alazarusfive\user1024.dbb Object is locked skipped
C:\Documents and Settings\Pete\Application Data\MySpace\IM\SkypeCache\myspace#3alazarusfive\user256.dbb Object is locked skipped
C:\Documents and Settings\Pete\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pete\Desktop\Quivic_net\kgb_undetectable.exe/file199 Infected: not-a-virus:Monitor.Win32.KGBSpy.i skipped
C:\Documents and Settings\Pete\Desktop\Quivic_net\kgb_undetectable.exe Inno: infected - 1 skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6abujzy.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\History\History.IE5\MSHist012008020820080209\index.dat Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Temp\Perflib_Perfdata_ffc.dat Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Temp\~DFB263.tmp Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pete\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Pete\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080207-111558-409.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awl skipped
C:\QooBox\Quarantine\C\WINDOWS\edfqvrw.dll.vir Infected: not-a-virus:AdWare.Win32.Vapsup.avg skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F1FFDA57-6AC3-4D60-94D5-63F7B72BB448}\RP4\A0000343.exe Infected: not-a-virus:AdWare.Win32.Vapsup.awn skipped
C:\System Volume Information\_restore{F1FFDA57-6AC3-4D60-94D5-63F7B72BB448}\RP4\A0000354.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awl skipped
C:\System Volume Information\_restore{F1FFDA57-6AC3-4D60-94D5-63F7B72BB448}\RP7\A0002490.dll Infected: not-a-virus:AdWare.Win32.Vapsup.avg skipped
C:\System Volume Information\_restore{F1FFDA57-6AC3-4D60-94D5-63F7B72BB448}\RP7\change.log Object is locked skipped
C:\WINDOWS\afxlspw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awm skipped
C:\WINDOWS\bfrgnos.dll Infected: not-a-virus:AdWare.Win32.Vapsup.awk skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_318.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



NEW HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:17 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GN-WIAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O21 - SSODL: bfrgnos - {DBA22AE8-DC29-460B-BCE0-5DDFBC1323BB} - C:\WINDOWS\bfrgnos.dll
O21 - SSODL: afxlspw - {5A5EB878-5790-4585-9BE6-7CBDF710B3DD} - C:\WINDOWS\afxlspw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Li
  • 0

#4
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Please uninstall the following programs:


J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Viewpoint Media Player

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\bfrgnos.dll
C:\WINDOWS\afxlspw.dll
C:\Documents and Settings\Pete\Desktop\Quivic_net\kgb_undetectable.exe

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bfrgnos"= -
"afxlspw"= -


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Start Update" link under Manual Update.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Do Not Automatically generate report"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan along with the combofix log and a fresh HijackThis log, and let me know how your computer is behaving.

Regards,
RatHat
  • 0
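As an added illustration of why the two O21 lines from the HijackThis log end up in the CFScript above (example code written for this page, not HijackThis's, ComboFix's or RatHat's own): a small Python parser that pulls the O21 SSODL and R0 start-page entries out of a HijackThis log, flags the pattern seen here (a DLL registered as a shell service object but sitting straight in C:\WINDOWS under a random-looking name; a start page pointing at an unknown host), and emits a File::/Registry:: fragment in the shape RatHat's script uses. The suspicion heuristic, the allowlist of start-page hosts, the benign sample SSODL line and its placeholder CLSID are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the R0 line and the two O21 lines from the HijackThis log
# posted above, plus one benign O2 line and one benign SSODL line (this
# example's own, with a placeholder CLSID) so the filter has something to ignore.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O21 - SSODL: SampleBenign - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\samplebenign.dll
O21 - SSODL: bfrgnos - {DBA22AE8-DC29-460B-BCE0-5DDFBC1323BB} - C:\WINDOWS\bfrgnos.dll
O21 - SSODL: afxlspw - {5A5EB878-5790-4585-9BE6-7CBDF710B3DD} - C:\WINDOWS\afxlspw.dll
"""

# Line shapes as they appear in the HijackThis 2.0.2 logs in this thread
# (the regexes are this example's own, not HijackThis's).
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
R0_RE = re.compile(r"^R0 - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<url>.+)$")

# Registry key named in RatHat's CFScript, and the Windows root on this machine.
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
WINDIR = r"C:\WINDOWS"
# Constructed allowlist: start-page hosts this example would not treat as a hijack.
KNOWN_START_HOSTS = {"www.google.com", "www.msn.com", "www.yahoo.com"}


def suspicious_ssodl(path: str) -> bool:
    """Heuristic (assumption of this example): a shell service object DLL dropped
    straight into the Windows root, with a short all-lowercase letters-only name
    and no vendor subfolder, matches the two Vapsup entries in the log."""
    directory, _, filename = path.rpartition("\\")
    stem, _, ext = filename.rpartition(".")
    return (directory.lower() == WINDIR.lower()
            and ext.lower() == "dll"
            and re.fullmatch(r"[a-z]{6,8}", stem) is not None)


def parse_hjt(text: str):
    """Pull O21 SSODL entries and R0 start-page URLs out of a HijackThis log;
    every other line type is ignored."""
    ssodl, start_pages = [], []
    for line in text.splitlines():
        m = O21_RE.match(line)
        if m:
            ssodl.append(m.groupdict())
            continue
        m = R0_RE.match(line)
        if m and m.group("value").strip() == "Start Page":
            start_pages.append(m.group("url").strip())
    return ssodl, start_pages


def hijacked_start_pages(urls):
    """Start pages whose host is not on the allowlist; about:blank is left alone."""
    flagged = []
    for url in urls:
        if url.lower() == "about:blank":
            continue
        host = (urlparse(url).hostname or "").lower()
        if host not in KNOWN_START_HOSTS:
            flagged.append(url)
    return flagged


def build_cfscript(ssodl_entries) -> str:
    """Emit a File:: / Registry:: fragment in the shape RatHat's CFScript uses:
    one File line and one '"name"= -' value deletion per flagged SSODL entry.
    Returns "" when nothing is flagged."""
    bad = [e for e in ssodl_entries if suspicious_ssodl(e["path"])]
    if not bad:
        return ""
    lines = ["File::"] + [e["path"] for e in bad]
    lines += ["", "Registry::", f"[{SSODL_KEY}]"]
    lines += [f'"{e["name"]}"= -' for e in bad]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries, pages = parse_hjt(SAMPLE_LOG)
    for url in hijacked_start_pages(pages):
        print("R0 start page not on allowlist:", url)
    print(build_cfscript(entries), end="")
```

Run against the sample it prints the flagged start page and the same two File:: and two Registry:: deletion lines that appear in RatHat's CFScript; the Folder:: section and the SSODL allowlisting are left to the analyst.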

#5
Lazarusfive

Lazarusfive

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
It seems okay for now, but it's running really slow.

COMBOFIX LOG:

ComboFix 08-02.05.3 - Pete 2008-02-09 1:13:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.351 [GMT -8:00]
Running from: C:\Documents and Settings\Pete\Desktop\Virus stuff\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Pete\Desktop\Virus stuff\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Pete\Desktop\Quivic_net\kgb_undetectable.exe
C:\WINDOWS\afxlspw.dll
C:\WINDOWS\bfrgnos.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Pete\Desktop\Quivic_net\kgb_undetectable.exe
C:\WINDOWS\afxlspw.dll
C:\WINDOWS\bfrgnos.dll

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 20:17 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-08 15:05 . 2008-02-08 15:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-08 15:05 . 2008-02-08 15:05 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-08 15:05 . 2008-02-08 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 14:45 . 2008-02-08 22:35 <DIR> d-------- C:\ComboFix
2008-02-08 14:45 . 2008-02-08 14:45 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-02-08 13:27 . 2008-02-08 14:10 <DIR> d-------- C:\xpsp2
2008-02-08 13:26 . 2008-02-08 13:27 <DIR> d-------- C:\xpcd
2008-02-07 14:08 . 2008-02-07 15:37 <DIR> d-------- C:\SDFix
2008-02-07 11:42 . 2008-02-07 11:42 <DIR> d-------- C:\Deckard
2008-02-07 01:02 . 2007-09-11 11:55 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-02-07 01:02 . 2007-09-11 11:55 52,368 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-02-07 01:00 . 2008-02-07 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-07 00:59 . 2008-02-07 11:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 16:34 . 2007-09-11 11:55 138,512 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-23 01:05 . 2008-02-03 22:30 <DIR> d-------- C:\Documents and Settings\Pete\browser - logitech
2008-01-23 01:04 . 2008-01-23 01:04 <DIR> d-------- C:\Documents and Settings\Pete\logitech
2008-01-23 01:02 . 2008-01-23 01:02 <DIR> d-------- C:\Program Files\Logitech
2008-01-23 01:02 . 2008-01-23 01:02 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-01-23 01:02 . 2008-01-23 01:04 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-01-18 16:56 . 2008-01-18 19:10 <DIR> d-------- C:\Program Files\LG Data Transfer
2008-01-09 02:00 . 2008-01-09 02:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 08:57 --------- d-----w C:\Program Files\Java
2008-02-08 20:50 --------- d-----w C:\Documents and Settings\Pete\Application Data\tunebite
2008-02-08 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-08 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-02-07 08:43 --------- d-----w C:\Program Files\Lavasoft
2008-02-07 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 20:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 09:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 16:14 --------- d-----w C:\Documents and Settings\Pete\Application Data\AdobeUM
2008-01-17 11:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 11:00 --------- d-----w C:\Documents and Settings\Pete\Application Data\Symantec
2008-01-17 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-12 04:27 --------- d-----w C:\Program Files\Symantec
2008-01-02 08:16 --------- d-----w C:\Program Files\Google
2007-12-22 05:40 --------- d-----w C:\Program Files\Verizon Wireless
2007-12-18 18:33 --------- d-----w C:\Program Files\RegScrubXP
2007-12-17 03:20 --------- d-----w C:\Program Files\Palm
2007-12-16 03:27 --------- d-----w C:\Documents and Settings\Pete\Application Data\Canon
2007-12-15 01:11 --------- d-----w C:\Documents and Settings\Pete\Application Data\Skype
2007-12-15 01:06 513,152 ----a-w C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2007-12-15 01:06 3,768 ----a-w C:\WINDOWS\system32\drivers\MovRVDrv32.sys
2007-12-13 20:19 --------- d-----w C:\Documents and Settings\Pete\Application Data\Snapfish
2007-12-13 05:37 --------- d-----w C:\Program Files\iTunes
2007-12-13 05:36 --------- d-----w C:\Program Files\iPod
2007-12-13 05:29 --------- d-----w C:\Program Files\QuickTime
2007-12-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\YesVideo
2007-12-10 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-10 06:46 --------- d-----w C:\Program Files\AIM6
2007-11-16 05:51 80,288 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-16 05:51 72,608 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-16 05:51 59,296 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-16 05:51 45,472 ----a-w C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-16 05:51 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-16 05:51 155,552 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2007-04-10 00:39 92,064 ----a-w C:\Documents and Settings\Pete\mqdmmdm.sys
2007-04-10 00:39 9,232 ----a-w C:\Documents and Settings\Pete\mqdmmdfl.sys
2007-04-10 00:39 79,328 ----a-w C:\Documents and Settings\Pete\mqdmserd.sys
2007-04-10 00:39 66,656 ----a-w C:\Documents and Settings\Pete\mqdmbus.sys
2007-04-10 00:39 6,208 ----a-w C:\Documents and Settings\Pete\mqdmcmnt.sys
2007-04-10 00:39 5,936 ----a-w C:\Documents and Settings\Pete\mqdmwhnt.sys
2007-04-10 00:39 4,048 ----a-w C:\Documents and Settings\Pete\mqdmcr.sys
2007-04-10 00:39 25,600 ----a-w C:\Documents and Settings\Pete\usbsermptxp.sys
2007-04-10 00:39 22,768 ----a-w C:\Documents and Settings\Pete\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [2006-07-14 12:54 1957977]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 17:47 8720384]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 05:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 20:10 335872]
"CHotkey"="mHotkey.exe" [2001-12-26 13:12 472576 C:\WINDOWS\mHotkey.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 08:51 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 08:44 610304]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe" [2006-05-09 16:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 08:59 124520]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-03-25 10:13 69632]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 03:36 757760]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-26 15:50 253952]
"CTHelper"="CTHELPER.EXE" [2005-12-08 11:06 16384 C:\WINDOWS\CTHELPER.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-23 23:08 49152]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-03 19:29 50688]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:34 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-01-21 12:16 1393928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 17:47 8720384]

C:\Documents and Settings\Pete\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 07:18:46 110592]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2002-07-18 11:58:46 299008]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-12-21 21:40:03 951640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 07:18:46 110592]
GN-WIAG Utility.lnk - C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe [2006-07-10 00:09:08 1765376]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-04 20:37:26 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-23 23:28:44 282624]
TabUserW.lnk - C:\Program Files\Wacom\TabUserW.exe [2006-07-18 16:43:15 77824]

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\WG511ICB.sys [2004-03-22 15:50]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Pete\Desktop\VCdRom.sys []
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-12-14 17:06]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-12-14 17:06]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 04:15:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 01:36:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-09 1:47:27
ComboFix-quarantined-files.txt 2008-02-09 09:47:03
ComboFix2.txt 2008-02-09 04:34:24
ComboFix3.txt 2008-02-08 22:57:10
.
2008-02-08 20:51:25 --- E O F ---





HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:44 PM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/index.php
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152926926\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GN-WIAG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WIAG 802.11g WLan\G-EzLink.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9940 bytes
  • 0

#6
Lazarusfive

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
AVG LOG
  • 0

#7
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
The AVG log did not come through; could you post it again?


Please run ATF Cleaner again.

Now let's do a bit of a tune-up of your machine.

Firstly, let's get rid of all the old prefetch files, which could be slowing things down a bit:

Click Start, then Run, type prefetch and press Enter. Click Edit, then Select All (all files will highlight), right-click any file, click Delete and confirm. This will empty all the old prefetch files, and Windows will rebuild the new ones that it needs. If you want to find out more about what Prefetch does, click here.

Now, let's run Disk Cleanup:

Click Start, then All Programmes, then Accessories, then System Tools. Locate Disk Cleanup and click to run it. Clean all your drives, then reboot your computer.

Next, run a defrag: click Start, then All Programmes, then Accessories, then System Tools. Locate Disk Defragmenter and click to run it. Highlight a drive and click Defragment. Repeat for each of your drives.

Another good way to improve the speed of your computer is by downloading and installing Tune-Up Utilities.

Run the Tune-Up disc clean-up.

Run the Tune-Up registry clean-up.

Disable the anti-virus programme, then click Optimize and Improve to run Reg Defrag. The screen will lose colour during the process, which can take a few minutes, and a reboot is then needed.

Check that the anti-virus programme is running again.

Those steps will have cleared the drive of obsolete software errors.

These are suggestions for making the most of the free trial:

Click Optimize and Improve, then System Optimizer, to optimize the computer; select "computer with an internet connection" from the drop-down menu. This also requires a reboot.

After the reboot, click Optimize, then System Optimizer, to accelerate downloads; select the speed just above your actual connection speed. This requires a reboot.

After the reboot, click Optimize, then System Optimizer, to run System Advisor.

Let me know if your speed improves.

Regards,
RatHat
  • 0

#8
Lazarusfive

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
For some reason, it won't upload and it's a huge notepad doc.
  • 0

#9
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Can you attach it instead?

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Also let me know how your computer is behaving now.

Regards,
RatHat
  • 0

#10
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

#11
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact myself or another staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.
  • 0