Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

osj.exe? [RESOLVED]


  • This topic is locked This topic is locked

#1
DForce

DForce

    New Member

  • Member
  • Pip
  • 5 posts
Hey, looks like my I've contracted a virus over MSN. Since the virus has been running a mysterious "osj.exe" has appeared.
Any help is greatly appreciated!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:01 AM, on 9/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msvs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [osj] C:\WINDOWS\system32\osj.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C08AD9A-2E3B-44FB-9CFD-54BEC3ADB82A}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C08AD9A-2E3B-44FB-9CFD-54BEC3ADB82A}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (o6kagpmgo) - Unknown owner - C:\WINDOWS\system32\osj.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15183 bytes
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Did you install PokerStars.NET?

Please print the below instructions or copy them to Notepad.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...showtutorial=61 ). Make sure to close any internet browsers that may still be open.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

WinBudget

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [osj] C:\WINDOWS\system32\osj.exe
O23 - Service: Print Spooler Service (o6kagpmgo) - Unknown owner - C:\WINDOWS\system32\osj.exe (file missing)


Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop o6kagpmgo
sc delete o6kagpmgo
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\WinBudget\
C:\WINDOWS\VirtualDNS.dll
C:\WINDOWS\system32\osj.exe


Restart and run a new HijackThis scan. Save the log file and post it here.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

Post a new HijackThis log here also.
  • 0

#3
DForce

DForce

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Yes, that is my fathers program...
Should I go ahead with all instructions?
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yes, you may proceed with the other instructions :)
  • 0

#5
DForce

DForce

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the ComboFix Log...

ComboFix 08-02-15.2 - HP_Administrator 2008-02-16 3:46:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.789 [GMT 11:00]
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z93TMCAR\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{3C684~1
C:\Program Files\Common Files\{3C684~1\Uninst.exe
C:\Program Files\Common Files\{4C684~1
C:\Program Files\inetget2
C:\Program Files\printview
C:\Program Files\printview\chnlist.dat
C:\Program Files\printview\hotlist.dat
C:\Program Files\printview\printhook030.dll
C:\Program Files\printview\remlist.dat
C:\Program Files\printview\setup.exe
C:\WINDOWS\Downloaded Program Files\speedtest2.dll
C:\WINDOWS\system32\drivers\sfsync03.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC03
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 02:43 . 2008-02-15 02:44 <DIR> d-------- C:\Program Files\NINTENDO DS GAME BROWSER
2008-02-15 02:43 . 2008-02-15 02:43 286,720 --------- C:\WINDOWS\Setup1.exe
2008-02-15 02:43 . 2008-02-15 02:43 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-10 15:43 . 2008-02-10 15:44 <DIR> d-------- C:\Program Files\ACW
2008-02-09 04:26 . 2008-02-09 04:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 03:55 . 2008-02-10 15:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 00:11 . 2008-02-02 00:11 <DIR> d-------- C:\WINDOWS\system32\Plugins
2008-02-01 17:28 . 2008-02-01 17:28 <DIR> d-------- C:\Program Files\Unity
2008-01-29 12:23 . 2008-01-29 12:23 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-29 12:23 . 2008-01-29 17:08 <DIR> d-------- C:\WINDOWS\system\bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 17:06 --------- d-----w C:\Program Files\Steam2
2008-02-15 11:05 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2008-02-15 05:35 --------- d-----w C:\Documents and Settings\Victoria.COMPUTER\Application Data\LimeWire
2008-02-15 03:55 --------- d-----w C:\Program Files\BitTorrent
2008-02-14 22:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-13 09:12 --------- d-----w C:\Program Files\WiFiConnector
2008-02-12 08:20 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-10 04:30 --------- d-----w C:\Program Files\MyFree Codec
2008-02-09 05:18 --------- d-----w C:\Program Files\MSN Messenger
2008-02-08 06:30 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-08 06:22 --------- d-----w C:\Program Files\PhanTim3
2008-02-08 06:21 --------- d-----w C:\Program Files\DAP
2008-02-08 06:19 --------- d-----w C:\Program Files\Google
2008-01-29 09:41 --------- d-----w C:\Program Files\MySpace
2008-01-29 01:30 --------- d-----w C:\Program Files\Winamp
2008-01-29 01:30 --------- d-----w C:\Program Files\QuickTime
2008-01-29 01:30 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-29 01:30 --------- d-----w C:\Program Files\iTunes
2008-01-11 12:19 --------- d-----w C:\Program Files\City of Heroes
2008-01-05 04:38 --------- d-----w C:\Documents and Settings\Victoria.COMPUTER\Application Data\Winamp
2008-01-03 07:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 08:25 --------- d-----w C:\Documents and Settings\Victoria.COMPUTER\Application Data\MusicNet
2008-01-02 07:19 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-01-02 07:19 --------- d-----w C:\Program Files\MarkAny
2008-01-02 07:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DataCast
2008-01-02 07:18 --------- d-----w C:\Program Files\Samsung
2008-01-02 07:17 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2007-12-24 12:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2007-12-23 09:58 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-12-23 07:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-23 07:10 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2007-12-23 07:08 --------- d-----w C:\Program Files\Skype
2007-12-23 07:08 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-23 07:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-20 16:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-15 02:10 --------- d-----w C:\Documents and Settings\Ken\Application Data\Winamp
2007-12-15 02:04 --------- d-----w C:\Documents and Settings\Ken\Application Data\MySpace
2006-10-22 11:06 113,664 ----a-w C:\Documents and Settings\Ailiesh.COMPUTER\goll.exe
2006-10-22 11:06 109,056 ----a-w C:\Documents and Settings\Ailiesh.COMPUTER\drv.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 253,952 2005-05-11 00:50:42 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
----a-w 14,348 2008-01-29 01:28:26 C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

----a-w 61,440 2005-02-02 23:44:24 C:\hp\KBD\bak\KBD.EXE
----a-w 14,348 2008-01-29 01:28:26 C:\hp\KBD\KBD.EXE

----a-w 153,136 2007-03-01 05:57:24 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

----a-w 152,872 2007-06-27 09:03:40 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 284,184 2006-10-30 14:03:48 C:\Program Files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

----a-w 244,512 2006-11-15 11:01:52 C:\Program Files\Common Files\Logitech\LComMgr\bak\LVComSX.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

----a-w 49,824 2006-04-12 01:54:46 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 49,152 2005-06-02 06:35:56 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

----a-w 49,152 2005-05-11 20:12:54 C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

----a-w 256,576 2006-10-29 22:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-09-24 14:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

----a-w 746,520 2006-11-15 10:58:40 C:\Program Files\Logitech\QuickCam10\bak\QuickCam10.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

----a-w 22,656 2005-03-30 00:03:18 C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Norton Internet Security\UrlLstCk.exe

----a-w 282,624 2006-10-25 07:58:18 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\QuickTime\qttask.exe

----a-w 132,624 2007-09-19 21:23:44 C:\Program Files\Samsung\Samsung Media Studio 5\bak\SMSTray.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

----a-w 81,920 2006-01-06 16:36:10 C:\Program Files\Sony\SonicStage\bak\SsAAD.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Sony\SonicStage\SsAAD.exe

----a-w 36,352 2007-10-10 05:28:32 C:\Program Files\Winamp\bak\winampa.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Winamp\winampa.exe

----a-w 663,552 2004-12-13 15:23:44 C:\WINDOWS\CREATOR\bak\Remind_XP.exe
----a-w 14,348 2008-01-29 01:28:26 C:\WINDOWS\CREATOR\Remind_XP.exe

----a-w 64,512 2005-08-05 10:56:34 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-05 10:56:34 C:\WINDOWS\ehome\ehtray.exe

----a-w 208,952 2004-08-10 11:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-10 11:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

----a-w 233,472 2004-04-14 20:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 14,348 2008-01-29 01:28:26 C:\WINDOWS\SMINST\RECGUARD.EXE

----a-w 181 2008-02-12 08:46:53 C:\WINDOWS\system\bak\hpsysdrv.DAT
----a-w 246 2008-01-29 05:38:07 C:\WINDOWS\system\hpsysdrv.dat

----a-w 52,736 1998-05-07 16:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 14,348 2008-01-29 01:28:26 C:\WINDOWS\system\hpsysdrv.exe

----a-w 15,360 2004-08-10 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 59,392 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

----a-w 455,168 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 23:00 15360]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 10:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 10:01 43008]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 14:57 1103480]
"Steam"="C:\Program Files\Steam2\Steam.exe" [2007-12-01 22:16 1266936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 02:29 3313664]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 12:47 8720384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 22:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-29 12:28 14348]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2008-01-29 12:28 14348]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 01:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 12:43 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-05 04:01 2805248 C:\WINDOWS\ALCWZRD.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-01-29 12:28 14348]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-29 12:28 14348]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-29 12:28 14348]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-29 12:28 14348]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2008-01-29 12:28 14348]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2008-01-29 12:28 14348]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2008-01-29 12:28 14348]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2008-01-29 12:28 14348]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-01-29 12:28 14348]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-29 12:28 14348]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-29 12:28 14348]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-29 12:28 14348]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-29 12:28 14348]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2008-01-29 12:28 14348]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"WinampAgent"="C:\PROGRAM FILES\WINAMP\winampa.exe" [2008-01-29 12:28 14348]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-29 12:28 14348]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 12:47 8720384]

C:\Documents and Settings\Victoria.COMPUTER\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-17 09:00:00 147456]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-01-20 16:19:19 229376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 12:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S2 o6kagpmgo;Print Spooler Service;C:\WINDOWS\system32\osj.exe []
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 01:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-10 02:00:00 C:\WINDOWS\Tasks\Rising Conflicts Updates.job"
- C:\WINDOWS\Installer\Rising Conflicts Updates.lnk
"2006-10-12 23:20:02 C:\WINDOWS\Tasks\Update Rising Conflicts.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 04:05:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-02-16 4:13:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 17:13:53
.
2007-12-20 16:10:45 --- E O F ---









And the HijackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:57 AM, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Steam2\Steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C08AD9A-2E3B-44FB-9CFD-54BEC3ADB82A}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C08AD9A-2E3B-44FB-9CFD-54BEC3ADB82A}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (o6kagpmgo) - Unknown owner - C:\WINDOWS\system32\osj.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 14377 bytes

Edited by DForce, 15 February 2008 - 11:26 AM.

  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop o6kagpmgo
sc delete o6kagpmgo
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\Documents and Settings\Ailiesh.COMPUTER\goll.exe
C:\Documents and Settings\Ailiesh.COMPUTER\drv.exe

Driver::
LEGACY_SFSYNC03
sfsync03
o6kagpmgo

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Post a new HijackThis log here.

Any improvements?
  • 0

#7
DForce

DForce

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Combofix Log...

ComboFix 08-02-16.2 - HP_Administrator 2008-02-16 15:59:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.741 [GMT 11:00]
Running from: C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-15 02:43 . 2008-02-15 02:44 <DIR> d-------- C:\Program Files\NINTENDO DS GAME BROWSER
2008-02-15 02:43 . 2008-02-15 02:43 286,720 --------- C:\WINDOWS\Setup1.exe
2008-02-15 02:43 . 2008-02-15 02:43 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-10 15:43 . 2008-02-10 15:44 <DIR> d-------- C:\Program Files\ACW
2008-02-09 04:26 . 2008-02-09 04:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 03:55 . 2008-02-10 15:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 00:11 . 2008-02-02 00:11 <DIR> d-------- C:\WINDOWS\system32\Plugins
2008-02-01 17:28 . 2008-02-01 17:28 <DIR> d-------- C:\Program Files\Unity
2008-01-29 12:23 . 2008-01-29 12:23 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-29 12:23 . 2008-01-29 17:08 <DIR> d-------- C:\WINDOWS\system\bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 20:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-15 17:21 --------- d-----w C:\Program Files\Steam2
2008-02-15 11:05 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2008-02-15 05:35 --------- d-----w C:\Documents and Settings\Victoria.COMPUTER\Application Data\LimeWire
2008-02-15 03:55 --------- d-----w C:\Program Files\BitTorrent
2008-02-13 09:12 --------- d-----w C:\Program Files\WiFiConnector
2008-02-12 08:20 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-10 04:30 --------- d-----w C:\Program Files\MyFree Codec
2008-02-09 05:18 --------- d-----w C:\Program Files\MSN Messenger
2008-02-08 06:30 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-08 06:22 --------- d-----w C:\Program Files\PhanTim3
2008-02-08 06:21 --------- d-----w C:\Program Files\DAP
2008-02-08 06:19 --------- d-----w C:\Program Files\Google
2008-01-29 09:41 --------- d-----w C:\Program Files\MySpace
2008-01-29 01:30 --------- d-----w C:\Program Files\Winamp
2008-01-29 01:30 --------- d-----w C:\Program Files\QuickTime
2008-01-29 01:30 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-29 01:30 --------- d-----w C:\Program Files\iTunes
2008-01-11 12:19 --------- d-----w C:\Program Files\City of Heroes
2008-01-05 04:38 --------- d-----w C:\Documents and Settings\Victoria.COMPUTER\Application Data\Winamp
2008-01-03 07:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 08:25 --------- d-----w C:\Documents and Settings\Victoria.COMPUTER\Application Data\MusicNet
2008-01-02 07:19 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-01-02 07:19 --------- d-----w C:\Program Files\MarkAny
2008-01-02 07:19 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DataCast
2008-01-02 07:18 --------- d-----w C:\Program Files\Samsung
2008-01-02 07:17 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2007-12-24 12:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2007-12-23 09:58 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-12-23 07:10 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-23 07:10 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2007-12-23 07:08 --------- d-----w C:\Program Files\Skype
2007-12-23 07:08 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-23 07:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-20 16:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-14 06:19 40,960 ------w C:\WINDOWS\system32\MAMACExtract.dll
2007-11-20 04:36 118,784 ----a-w C:\WINDOWS\system32\MaDRM.dll
2006-10-22 11:06 113,664 ----a-w C:\Documents and Settings\Ailiesh.COMPUTER\goll.exe
2006-10-22 11:06 109,056 ----a-w C:\Documents and Settings\Ailiesh.COMPUTER\drv.exe
2005-05-11 20:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 253,952 2005-05-11 00:50:42 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
----a-w 14,348 2008-01-29 01:28:26 C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

----a-w 61,440 2005-02-02 23:44:24 C:\hp\KBD\bak\KBD.EXE
----a-w 14,348 2008-01-29 01:28:26 C:\hp\KBD\KBD.EXE

----a-w 153,136 2007-03-01 05:57:24 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

----a-w 152,872 2007-06-27 09:03:40 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 284,184 2006-10-30 14:03:48 C:\Program Files\Common Files\Logitech\LComMgr\bak\Communications_Helper.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

----a-w 244,512 2006-11-15 11:01:52 C:\Program Files\Common Files\Logitech\LComMgr\bak\LVComSX.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

----a-w 49,824 2006-04-12 01:54:46 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 49,152 2005-06-02 06:35:56 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

----a-w 49,152 2005-05-11 20:12:54 C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

----a-w 256,576 2006-10-29 22:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-09-24 14:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

----a-w 746,520 2006-11-15 10:58:40 C:\Program Files\Logitech\QuickCam10\bak\QuickCam10.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

----a-w 22,656 2005-03-30 00:03:18 C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Norton Internet Security\UrlLstCk.exe

----a-w 282,624 2006-10-25 07:58:18 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\QuickTime\qttask.exe

----a-w 132,624 2007-09-19 21:23:44 C:\Program Files\Samsung\Samsung Media Studio 5\bak\SMSTray.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

----a-w 81,920 2006-01-06 16:36:10 C:\Program Files\Sony\SonicStage\bak\SsAAD.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Sony\SonicStage\SsAAD.exe

----a-w 36,352 2007-10-10 05:28:32 C:\Program Files\Winamp\bak\winampa.exe
----a-w 14,348 2008-01-29 01:28:26 C:\Program Files\Winamp\winampa.exe

----a-w 663,552 2004-12-13 15:23:44 C:\WINDOWS\CREATOR\bak\Remind_XP.exe
----a-w 14,348 2008-01-29 01:28:26 C:\WINDOWS\CREATOR\Remind_XP.exe

----a-w 64,512 2005-08-05 10:56:34 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-05 10:56:34 C:\WINDOWS\ehome\ehtray.exe

----a-w 208,952 2004-08-10 11:00:00 C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-10 11:00:00 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

----a-w 233,472 2004-04-14 20:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 14,348 2008-01-29 01:28:26 C:\WINDOWS\SMINST\RECGUARD.EXE

----a-w 181 2008-02-12 08:46:53 C:\WINDOWS\system\bak\hpsysdrv.DAT
----a-w 246 2008-01-29 05:38:07 C:\WINDOWS\system\hpsysdrv.dat

----a-w 52,736 1998-05-07 16:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe
----a-w 14,348 2008-01-29 01:28:26 C:\WINDOWS\system\hpsysdrv.exe

----a-w 15,360 2004-08-10 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 59,392 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe
----a-w 59,392 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe

----a-w 455,168 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-10 11:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 23:00 15360]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-14 10:24 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 10:01 43008]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 14:57 1103480]
"Steam"="C:\Program Files\Steam2\Steam.exe" [2007-12-01 22:16 1266936]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 02:29 3313664]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 12:47 8720384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56 64512]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 22:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 22:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 22:00 455168]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 00:19 77312 C:\WINDOWS\arpwrmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-29 12:28 14348]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2008-01-29 12:28 14348]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 01:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-04 12:43 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-05 04:01 2805248 C:\WINDOWS\ALCWZRD.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-01-29 12:28 14348]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-29 12:28 14348]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-29 12:28 14348]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-29 12:28 14348]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2008-01-29 12:28 14348]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2008-01-29 12:28 14348]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2008-01-29 12:28 14348]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2008-01-29 12:28 14348]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-01-29 12:28 14348]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-29 12:28 14348]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-29 12:28 14348]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2008-01-29 12:28 14348]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2008-01-29 12:28 14348]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2008-01-29 12:28 14348]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"WinampAgent"="C:\PROGRAM FILES\WINAMP\winampa.exe" [2008-01-29 12:28 14348]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2008-01-29 12:28 14348]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 12:47 8720384]

C:\Documents and Settings\Victoria.COMPUTER\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-17 09:00:00 147456]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-01-20 16:19:19 229376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 12:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 01:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-10 02:00:00 C:\WINDOWS\Tasks\Rising Conflicts Updates.job"
- C:\WINDOWS\Installer\Rising Conflicts Updates.lnk
"2006-10-12 23:20:02 C:\WINDOWS\Tasks\Update Rising Conflicts.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 16:05:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 16:06:05
ComboFix-quarantined-files.txt 2008-02-16 05:06:02
ComboFix2.txt 2008-02-15 17:13:58
.
2007-12-20 16:10:45 --- E O F ---



HijackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:32 PM, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\winampa.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1239316921-429620801-3097731554-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Ailiesh')
O4 - HKUS\S-1-5-21-1239316921-429620801-3097731554-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Ailiesh')
O4 - HKUS\S-1-5-21-1239316921-429620801-3097731554-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Ailiesh')
O4 - HKUS\S-1-5-21-1239316921-429620801-3097731554-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Ailiesh')
O4 - HKUS\S-1-5-21-1239316921-429620801-3097731554-1008\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Ailiesh')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-1239316921-429620801-3097731554-1008 Startup: Xfire.lnk (User 'Ailiesh')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C08AD9A-2E3B-44FB-9CFD-54BEC3ADB82A}: Domain = nsw.bigpond.net.au
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C08AD9A-2E3B-44FB-9CFD-54BEC3ADB82A}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15054 bytes
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Delete these:

C:\WINDOWS\system32\bak
C:\WINDOWS\system\bak
C:\Documents and Settings\Ailiesh.COMPUTER\goll.exe
C:\Documents and Settings\Ailiesh.COMPUTER\drv.exe


Let me know if you have problems deleting any of them.

What's inside this folder -> C:\WINDOWS\system32\Plugins

Still having any problems now?
  • 0

#9
DForce

DForce

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I followed all those instructions and I think it's okay now. I just deleted that plugin folder anyway...
Thanks alot for the help!
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Make sure you are able to delete all those files mentioned.....

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
  • 0

#11
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP