VMalum.BWWC virus, also unknown spyware: consistent problems


#1 richington (New Member, 4 posts)
Hello.

I've been experiencing a high number of pop-ups for quite some time. I downloaded Ad-Aware, SpywareBlaster and VundoFix and they seemed to get rid of them, along with stopping my web browser being continually redirected to malware sites.

However, ZoneAlarm keeps popping up and alerting me that various viruses have been found, in particular the VMalum.BWWC virus. ZoneAlarm fails to remove it, but it enables me to delete it. The virus keeps being found later, showing that it hasn't been entirely removed.

I ran VundoFix and it fixed quite a few problems (Virtumonde was on there plus a few others) but the virus is still being detected and I have noticed some sluggish speed in my CPU usage. Also, when I run Ad-Watch, the 'changes to system registry' field rapidly increases with no indication of slowing - is this normal?

Any possibility of giving this a scan through to see if there might still be problems? Thanks for any help - much appreciated!

Cheers team.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:40, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {20730691-ce3a-4748-0fc4-16dd40e97b90} - {09b79e04-dd61-4cf0-8474-a3ec19603702} - C:\WINDOWS\system32\cbdcmjyg.dll
O2 - BHO: (no name) - {125B69C8-3C0A-4CAE-AA33-22DB610C1350} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {23FBC518-315F-4D61-A35A-EAC250A0F835} - (no file)
O2 - BHO: (no name) - {4099A50E-7187-482B-A534-0AF3571CB72E} - (no file)
O2 - BHO: (no name) - {428AA68F-5A18-4723-A364-3789B5CCE3E8} - (no file)
O2 - BHO: (no name) - {50D53DFA-B8AB-4EEC-82D1-CA6D97A4F7DB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5E21A865-0D62-4464-B249-7D78D832E911} - (no file)
O2 - BHO: (no name) - {6269D15B-F4A8-4574-9348-BC9AE5DB1AFA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D2FE55E5-5F39-4636-9717-B620FBB3AA78} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [1d0f117a] rundll32.exe "C:\WINDOWS\system32\bawgnnyl.dll",b
O4 - HKLM\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\pbaijiyh.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddccywu - ddccywu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 11714 bytes

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here too is my uninstall list:

Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam Driver
Acer OrbiCam Software
Acer Screensaver
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Azureus Vuze
BarSim 1.5.3
BurnInTest v4.0 Pro
DC++ 0.699
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB935448)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iTunes
Java™ 6 Update 3
Launch Manager
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
mCore
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Professional with FrontPage
mMHouse
Mozilla Firefox (2.0.0.12)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
Ontrack Internet Cleanup
PowerDVD
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Skype™ 3.6
Sonic Encoders
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB912067
WinRAR archiver
ZoneAlarm Security Suite

Edited by richington, 27 February 2008 - 06:42 AM.



#2 sari (GeekU Admin, Administrator, MVP, 21,290 posts)
richington,

Hello, and welcome to Geeks to Go. You do still have some nasties in your log, as well as the remnants of vundo. Let's get you cleaned up.

Download ComboFix from Here or Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,

sari

#3 richington (Topic Starter, New Member, 4 posts)
Hi Sari

Thanks for your reply. Please find my ComboFix and HijackThis logs below.

Also, I have a RunDLL error box now appearing when windows boots. It reads: Error loading c:\system32\pbaijiyh.dll.

COMBOFIX


ComboFix 08-03-01 - Richard Bourne 2008-02-29 23:36:49.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.329 [GMT 0:00]
Running from: C:\Documents and Settings\Richard Bourne\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Richard Bourne\Application Data\inst.exe
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\btksklil.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tqlbfbcs.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-27 15:14 . 2008-02-27 15:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-27 15:11 . 2008-02-27 15:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-27 11:58 . 2008-02-27 11:58 <DIR> d--hs---- C:\FOUND.011
2008-02-27 11:17 . 2008-02-27 11:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 10:49 . 2008-02-27 10:49 <DIR> d-------- C:\Program Files\BarSim
2008-02-27 10:42 . 2008-02-27 10:42 <DIR> d--hs---- C:\FOUND.010
2008-02-27 10:04 . 2008-02-27 10:04 <DIR> d-------- C:\VundoFix Backups
2008-02-26 20:36 . 2008-02-28 18:26 774 ---hs---- C:\WINDOWS\system32\lynngwab.ini
2008-02-26 20:31 . 2008-02-27 09:59 63,923 --a------ C:\WINDOWS\BM1e3c22e6.xml
2008-02-26 20:31 . 2008-02-27 10:44 22 --a------ C:\WINDOWS\pskt.ini
2008-02-25 11:37 . 2008-02-25 11:37 <DIR> d--hs---- C:\FOUND.009
2008-02-25 11:26 . 2008-02-25 11:26 1,254 ---hs---- C:\WINDOWS\system32\opchwfvr.ini
2008-02-25 10:55 . 2008-02-25 10:55 <DIR> d--hs---- C:\FOUND.008
2008-02-25 02:50 . 2008-02-25 02:50 <DIR> d--hs---- C:\FOUND.007
2008-02-24 23:05 . 2008-02-24 23:05 <DIR> d--hs---- C:\FOUND.006
2008-02-24 22:52 . 2008-02-24 22:52 <DIR> d--hs---- C:\FOUND.005
2008-02-24 22:36 . 2008-02-24 22:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 21:13 . 2008-02-25 11:16 1,194 ---hs---- C:\WINDOWS\system32\ohfnhlak.ini
2008-02-23 19:34 . 2008-03-01 23:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 19:34 . 2008-02-23 19:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-23 19:33 . 2008-02-23 19:33 <DIR> d-------- C:\Program Files\iTunes
2008-02-23 19:33 . 2008-02-23 19:33 <DIR> d-------- C:\Program Files\iPod
2008-02-23 19:24 . 2008-02-23 19:24 <DIR> d-------- C:\Program Files\QuickTime
2008-02-23 19:21 . 2008-02-23 19:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-23 09:36 . 2008-02-24 10:28 774 ---hs---- C:\WINDOWS\system32\psqohqgl.ini
2008-02-23 09:35 . 2008-02-23 09:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-23 09:35 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-22 23:59 . 2008-02-22 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-22 09:03 . 2008-02-23 01:57 654 ---hs---- C:\WINDOWS\system32\kmulimie.ini
2008-02-22 08:03 . 2008-02-22 08:03 <DIR> d-------- C:\Program Files\CONEXANT
2008-02-22 00:57 . 2008-02-22 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-21 08:59 . 2008-02-22 08:01 474 ---hs---- C:\WINDOWS\system32\huhxjdbl.ini
2008-02-20 01:35 . 2008-02-20 01:35 <DIR> d--hs---- C:\FOUND.004
2008-02-20 01:18 . 2008-02-20 01:18 <DIR> d--hs---- C:\FOUND.003
2008-02-19 17:37 . 2008-02-19 17:38 252 --a------ C:\WINDOWS\wininit.ini
2008-02-19 16:54 . 2008-02-19 16:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-19 09:26 . 2008-02-19 09:26 268 --ah----- C:\sqmdata05.sqm
2008-02-19 09:26 . 2008-02-19 09:26 244 --ah----- C:\sqmnoopt05.sqm
2008-02-04 10:41 . 2008-02-04 10:41 <DIR> d-------- C:\Program Files\DC++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 11:54 2,283,008 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-02-27 11:41 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-02-27 11:11 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-02-27 11:10 2,282,496 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-02-27 11:01 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-02-27 11:01 2,286,592 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-02-27 10:11 58,880 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-02-27 10:11 2,290,176 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-02-25 11:32 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-02-25 11:32 2,259,968 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-02-25 10:52 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-02-25 10:39 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-02-24 23:21 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-02-24 23:21 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-02-24 23:02 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-02-24 23:00 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-02-24 22:49 3,342,336 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-02-24 22:46 108,544 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-02-21 17:54 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-02-21 17:54 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-02-20 01:24 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-02-20 01:22 2,212,352 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-02-20 00:45 2,214,400 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-02-20 00:43 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-02-18 15:59 2,201,600 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-02-18 15:59 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-02-14 08:08 2,183,680 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-02-14 08:01 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-02-11 18:46 244,736 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-02-11 18:21 2,160,640 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-02-01 00:31 2,087,424 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-01-30 15:39 --------- d-----w C:\Program Files\Need2Find
2008-01-30 15:38 --------- d-----w C:\Program Files\Kazaa
2008-01-30 14:46 51,712 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp
2008-01-30 14:46 2,064,384 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-01-28 01:49 2,072,064 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-01-28 01:48 32,768 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-01-27 11:56 1,155,139 ----a-w C:\WINDOWS\Internet Logs\imsDebug.zip
2008-01-27 11:53 2,045,440 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-01-27 11:29 96,768 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-01-24 13:13 --------- d-----w C:\Program Files\Apple Software Update
2008-01-24 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-22 13:25 3,080,192 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-01-22 13:18 13,828,096 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-01-22 13:12 --------- d-----w C:\Documents and Settings\Richard Bourne\Application Data\DivX
2008-01-20 11:32 1,114,112 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-01-20 11:00 1,956,352 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-01-19 02:54 151,552 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-01-19 02:53 1,945,600 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-01-14 13:26 123,392 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-01-14 13:26 1,918,464 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-01-12 16:51 301,056 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-01-12 16:19 1,879,552 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-06 22:02 1,870,336 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-01-06 21:52 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-05 13:49 47,360 ----a-w C:\Documents and Settings\Richard Bourne\Application Data\pcouffin.sys
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 18:35 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-04 18:35 --------- d-----w C:\Documents and Settings\Richard Bourne\Application Data\Vso
2008-01-04 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-01-04 16:57 32,768 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-01-04 16:57 1,736,704 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-01-03 19:35 376,320 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-01-03 19:18 1,740,800 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 18:10 2,850,816 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-12-11 18:10 1,708,544 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-12-09 12:05 286,720 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-12-09 12:05 1,685,504 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-12-08 10:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:44 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:44 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:44 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 00:44 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-14 21:15 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-14 21:15 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09b79e04-dd61-4cf0-8474-a3ec19603702}]
C:\WINDOWS\system32\cbdcmjyg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{125B69C8-3C0A-4CAE-AA33-22DB610C1350}]
C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23FBC518-315F-4D61-A35A-EAC250A0F835}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4099A50E-7187-482B-A534-0AF3571CB72E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{428AA68F-5A18-4723-A364-3789B5CCE3E8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50D53DFA-B8AB-4EEC-82D1-CA6D97A4F7DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E21A865-0D62-4464-B249-7D78D832E911}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6269D15B-F4A8-4574-9348-BC9AE5DB1AFA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2FE55E5-5F39-4636-9717-B620FBB3AA78}]
C:\WINDOWS\system32\pmkhe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-07-14 05:10 705808]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"BM1e3c22e6"="C:\WINDOWS\system32\pbaijiyh.dll" [ ]

C:\Documents and Settings\Richard Bourne\Start Menu\Programs\Startup\
Cleanup.lnk - C:\Program Files\Ontrack\Internet Cleanup\onictask.exe [2001-05-17 15:46:26 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccywu]
ddccywu.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 19:18:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 23:45:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\libeay32_0.9.6l.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2008-03-01 23:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 23:48:36
.
2008-02-29 18:12:20 --- E O F ---

HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:26, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {20730691-ce3a-4748-0fc4-16dd40e97b90} - {09b79e04-dd61-4cf0-8474-a3ec19603702} - C:\WINDOWS\system32\cbdcmjyg.dll (file missing)
O2 - BHO: (no name) - {125B69C8-3C0A-4CAE-AA33-22DB610C1350} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D2FE55E5-5F39-4636-9717-B620FBB3AA78} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\pbaijiyh.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddccywu - ddccywu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 11260 bytes


Best wishes.

Richie :)

#4
sari (GeekU Admin, Administrator, MVP, 21,290 posts)
richington,

To be on the safe side, let's install the recovery console first.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

I have the rest of your fix done, so I can post it once I see this.

sari

#5
richington (Topic Starter, New Member, 4 posts)
Hey Sari.

Thanks so much for getting back to me!

The log (kinda short) is as below:

WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

I guess it's saying that I have Windows XP Media Edition, but there didn't seem to be an option to download? Am I just being slow?

Thanks.

richie :)

#6
sari (GeekU Admin, Administrator, MVP, 21,290 posts)
Richington,

That's fine, I was just checking that you had the recovery console installed correctly now.

A. Please RUN HijackThis
  • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: {20730691-ce3a-4748-0fc4-16dd40e97b90} - {09b79e04-dd61-4cf0-8474-a3ec19603702} - C:\WINDOWS\system32\cbdcmjyg.dll (file missing)
    O2 - BHO: (no name) - {125B69C8-3C0A-4CAE-AA33-22DB610C1350} - C:\WINDOWS\system32\mljgh.dll (file missing)
    O2 - BHO: (no name) - {D2FE55E5-5F39-4636-9717-B620FBB3AA78} - C:\WINDOWS\system32\pmkhe.dll (file missing)
    O4 - HKLM\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\pbaijiyh.dll",s
    O20 - Winlogon Notify: ddccywu - ddccywu.dll (file missing)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


B. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\lynngwab.ini
C:\WINDOWS\BM1e3c22e6.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\opchwfvr.ini
C:\WINDOWS\system32\ohfnhlak.ini
C:\WINDOWS\system32\psqohqgl.ini
C:\WINDOWS\system32\kmulimie.ini
C:\WINDOWS\system32\huhxjdbl.ini

Folder::
C:\Program Files\Need2Find



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

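The triage behind steps A and B above, mechanised as an added Python example (not the helper's tool and not part of the thread): it applies three rules to HijackThis lines, picks out the hidden+system .ini files a ComboFix "Files Created" listing shows, and renders them in the CFScript layout. Sample lines are copied from the logs posted in this thread; the rules are heuristics inferred from this thread's logs, not HijackThis's own classification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with a few legitimate entries mixed in so the rules have something to leave alone.
HJT_SAMPLE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {20730691-ce3a-4748-0fc4-16dd40e97b90} - {09b79e04-dd61-4cf0-8474-a3ec19603702} - C:\WINDOWS\system32\cbdcmjyg.dll (file missing)
O2 - BHO: (no name) - {125B69C8-3C0A-4CAE-AA33-22DB610C1350} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {D2FE55E5-5F39-4636-9717-B620FBB3AA78} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BM1e3c22e6] Rundll32.exe "C:\WINDOWS\system32\pbaijiyh.dll",s
O20 - Winlogon Notify: ddccywu - ddccywu.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

# Constructed sample: 'Files Created' lines copied from the ComboFix log posted above.
COMBOFIX_SAMPLE = r"""
2008-02-27 11:17 . 2008-02-27 11:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-26 20:36 . 2008-02-28 18:26 774 ---hs---- C:\WINDOWS\system32\lynngwab.ini
2008-02-26 20:31 . 2008-02-27 10:44 22 --a------ C:\WINDOWS\pskt.ini
2008-02-25 11:26 . 2008-02-25 11:26 1,254 ---hs---- C:\WINDOWS\system32\opchwfvr.ini
2008-02-23 19:34 . 2008-03-05 12:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-22 09:03 . 2008-02-23 01:57 654 ---hs---- C:\WINDOWS\system32\kmulimie.ini
"""

CLSID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_SYS32 = re.compile(r'^rundll32(\.exe)?\s+"?[a-z]:\\windows\\system32\\(?P<dll>[^\\"]+\.dll)', re.I)
BM_KEY = re.compile(r"^BM[0-9a-f]{8}$", re.I)
CF_FILE = re.compile(r"^\S+ \S+ \. \S+ \S+ (?P<size>[\d,]+|<DIR>) (?P<attr>[-a-z]{9}) (?P<path>.+)$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def hjt_reasons(line: str) -> list:
    """Why one HijackThis line deserves a 'Fix checked' tick (empty list = leave it)."""
    reasons = []
    # Rule 1: HijackThis could not find the target. An orphaned BHO, URLSearchHook
    # or Winlogon Notify entry is what a half-removed infection leaves behind.
    if line.endswith("(file missing)") or line.endswith("(no file)"):
        reasons.append("orphaned entry: target file is gone")
    # Rule 2: a BHO with no display name, or whose 'name' is itself a CLSID.
    m = O2_RE.match(line)
    if m and (m["name"] == "(no name)" or CLSID.match(m["name"])):
        reasons.append("BHO with no readable name")
    # Rule 3: a Run value named BM<8 hex> that has Rundll32 load a DLL straight out
    # of system32; in this thread it pairs with the BM1e3c22e6.xml the CFScript removes.
    m = O4_RE.match(line)
    if m and BM_KEY.match(m["key"]) and RUNDLL_SYS32.match(m["cmd"]):
        reasons.append("BM<hex> Run value loading a system32 DLL via Rundll32")
    return reasons


def hjt_triage(log_text: str) -> list:
    """Findings for every non-blank HijackThis line matching at least one rule."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = hjt_reasons(line) if line else []
        if reasons:
            out.append(Finding(line, reasons))
    return out


def hidden_system_inis(combofix_text: str) -> list:
    """Hidden+system .ini files under system32 in a ComboFix 'Files Created' listing,
    the attribute pattern (---hs----) shared by every .ini in the helper's CFScript."""
    hits = []
    for raw in combofix_text.splitlines():
        m = CF_FILE.match(raw.strip())
        if not m:
            continue
        attr, path = m["attr"], m["path"].lower()
        if "h" in attr and "s" in attr and path.endswith(".ini") and "\\system32\\" in path:
            hits.append(m["path"])
    return hits


def build_cfscript(files, folders=()) -> str:
    """Render the File:: / Folder:: sections in the CFScript.txt layout used above."""
    parts = ["File::", *files]
    if folders:
        parts += ["", "Folder::", *folders]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    for f in hjt_triage(HJT_SAMPLE):
        print(f.line, "->", "; ".join(f.reasons))
    print(build_cfscript(hidden_system_inis(COMBOFIX_SAMPLE), [r"C:\Program Files\Need2Find"]))
```

Run against the sample, the three rules pick out exactly the six lines ticked in step A and leave the Adobe, Skype, Intel graphics and Bluetooth entries alone.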

#7
richington (Topic Starter, New Member, 4 posts)
Here they are:

ComboFix.txt:


ComboFix 08-03-01 - Richard Bourne 2008-03-06 2:43:09.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.411 [GMT 0:00]
Running from: C:\Documents and Settings\Richard Bourne\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard Bourne\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-05 22:17 . 2004-08-10 20:00 388,608 --a------ C:\WINDOWS\system32\CF15.exe
2008-03-05 12:09 . 2008-03-05 12:09 <DIR> d--hs---- C:\FOUND.012
2008-02-27 15:14 . 2008-02-27 15:14 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-27 15:11 . 2008-02-27 15:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-27 11:58 . 2008-02-27 11:58 <DIR> d--hs---- C:\FOUND.011
2008-02-27 11:17 . 2008-02-27 11:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 10:49 . 2008-02-27 10:49 <DIR> d-------- C:\Program Files\BarSim
2008-02-27 10:42 . 2008-02-27 10:42 <DIR> d--hs---- C:\FOUND.010
2008-02-27 10:04 . 2008-02-27 10:04 <DIR> d-------- C:\VundoFix Backups
2008-02-26 20:36 . 2008-02-28 18:26 774 ---hs---- C:\WINDOWS\system32\lynngwab.ini
2008-02-26 20:31 . 2008-02-27 09:59 63,923 --a------ C:\WINDOWS\BM1e3c22e6.xml
2008-02-26 20:31 . 2008-02-27 10:44 22 --a------ C:\WINDOWS\pskt.ini
2008-02-25 11:37 . 2008-02-25 11:37 <DIR> d--hs---- C:\FOUND.009
2008-02-25 11:26 . 2008-02-25 11:26 1,254 ---hs---- C:\WINDOWS\system32\opchwfvr.ini
2008-02-25 10:55 . 2008-02-25 10:55 <DIR> d--hs---- C:\FOUND.008
2008-02-25 02:50 . 2008-02-25 02:50 <DIR> d--hs---- C:\FOUND.007
2008-02-24 23:05 . 2008-02-24 23:05 <DIR> d--hs---- C:\FOUND.006
2008-02-24 22:52 . 2008-02-24 22:52 <DIR> d--hs---- C:\FOUND.005
2008-02-24 22:36 . 2008-02-24 22:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-24 21:13 . 2008-02-25 11:16 1,194 ---hs---- C:\WINDOWS\system32\ohfnhlak.ini
2008-02-23 19:34 . 2008-03-05 12:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 19:34 . 2008-02-23 19:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-23 19:33 . 2008-02-23 19:33 <DIR> d-------- C:\Program Files\iTunes
2008-02-23 19:33 . 2008-02-23 19:33 <DIR> d-------- C:\Program Files\iPod
2008-02-23 19:24 . 2008-02-23 19:24 <DIR> d-------- C:\Program Files\QuickTime
2008-02-23 19:21 . 2008-02-23 19:21 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-23 09:36 . 2008-02-24 10:28 774 ---hs---- C:\WINDOWS\system32\psqohqgl.ini
2008-02-23 09:35 . 2008-02-23 09:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-23 09:35 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-22 23:59 . 2008-02-22 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-22 09:03 . 2008-02-23 01:57 654 ---hs---- C:\WINDOWS\system32\kmulimie.ini
2008-02-22 08:03 . 2008-02-22 08:03 <DIR> d-------- C:\Program Files\CONEXANT
2008-02-22 00:57 . 2008-02-22 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-02-21 08:59 . 2008-02-22 08:01 474 ---hs---- C:\WINDOWS\system32\huhxjdbl.ini
2008-02-20 01:35 . 2008-02-20 01:35 <DIR> d--hs---- C:\FOUND.004
2008-02-20 01:18 . 2008-02-20 01:18 <DIR> d--hs---- C:\FOUND.003
2008-02-19 17:37 . 2008-02-19 17:38 252 --a------ C:\WINDOWS\wininit.ini
2008-02-19 16:54 . 2008-02-19 16:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-19 09:26 . 2008-02-19 09:26 268 --ah----- C:\sqmdata05.sqm
2008-02-19 09:26 . 2008-02-19 09:26 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 12:11 2,342,400 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-03-05 12:11 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-03-05 12:06 2,343,424 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-03-05 11:51 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-03-04 20:14 295,424 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2008-03-04 20:14 2,360,320 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2008-02-27 11:54 2,283,008 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-02-27 11:41 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-02-27 11:11 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-02-27 11:10 2,282,496 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-02-27 11:01 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-02-27 11:01 2,286,592 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-02-27 10:11 58,880 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-02-27 10:11 2,290,176 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-02-25 11:32 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-02-25 11:32 2,259,968 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-02-25 10:52 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-02-25 10:39 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-02-24 23:21 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-02-24 23:21 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-02-24 23:02 2,255,872 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2008-02-24 23:00 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-02-24 22:49 3,342,336 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2008-02-24 22:46 108,544 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-02-21 17:54 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2008-02-21 17:54 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2008-02-20 01:24 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2008-02-20 01:22 2,212,352 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2008-02-20 00:45 2,214,400 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-02-20 00:43 69,120 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2008-02-18 15:59 2,201,600 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-02-18 15:59 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-02-14 08:08 2,183,680 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-02-14 08:01 84,992 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2008-02-11 18:46 244,736 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-02-11 18:21 2,160,640 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-02-04 10:41 --------- d-----w C:\Program Files\DC++
2008-02-01 00:31 2,087,424 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-01-30 15:39 --------- d-----w C:\Program Files\Need2Find
2008-01-30 15:38 --------- d-----w C:\Program Files\Kazaa
2008-01-30 14:46 51,712 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp
2008-01-30 14:46 2,064,384 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-01-28 01:49 2,072,064 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-01-28 01:48 32,768 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-01-27 11:56 1,155,139 ----a-w C:\WINDOWS\Internet Logs\imsDebug.zip
2008-01-27 11:53 2,045,440 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-01-27 11:29 96,768 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-01-24 13:13 --------- d-----w C:\Program Files\Apple Software Update
2008-01-24 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-22 13:25 3,080,192 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-01-22 13:18 13,828,096 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-01-22 13:12 --------- d-----w C:\Documents and Settings\Richard Bourne\Application Data\DivX
2008-01-20 11:32 1,114,112 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-01-20 11:00 1,956,352 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-01-19 02:54 151,552 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-01-19 02:53 1,945,600 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-01-14 13:26 123,392 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-01-14 13:26 1,918,464 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-01-12 16:51 301,056 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-01-12 16:19 1,879,552 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-06 22:02 1,870,336 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-01-06 21:52 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-05 13:49 47,360 ----a-w C:\Documents and Settings\Richard Bourne\Application Data\pcouffin.sys
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-04 16:57 32,768 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-01-04 16:57 1,736,704 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-01-03 19:35 376,320 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-01-03 19:18 1,740,800 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 18:10 2,850,816 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-12-11 18:10 1,708,544 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-12-09 12:05 286,720 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-12-09 12:05 1,685,504 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-12-08 10:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 00:44 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 00:44 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 00:44 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-14 21:15 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-14 21:15 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-07-14 05:10 705808]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

C:\Documents and Settings\Richard Bourne\Start Menu\Programs\Startup\
Cleanup.lnk - C:\Program Files\Ontrack\Internet Cleanup\onictask.exe [2001-05-17 15:46:26 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 19:18:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 02:46:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-06 2:49:59
ComboFix-quarantined-files.txt 2008-03-06 02:49:44
ComboFix2.txt 2008-03-01 23:48:56
.
2008-02-29 18:12:20 --- E O F ---


********************************************************************************
*********************************************

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:05:24, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09b79e04-dd61-4cf0-8474-a3ec19603702} - (no file)
O2 - BHO: (no name) - {125B69C8-3C0A-4CAE-AA33-22DB610C1350} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {D2FE55E5-5F39-4636-9717-B620FBB3AA78} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 10902 bytes