Welcome to Geeks to Go - Register now for FREE


Spy Away and Perfect Cleaner fake ads.


#1
ChrisCox86

    New Member

  • Member
  • 5 posts
I saw a thread on here that was posted a few days ago about someone who is having the same problem as I am. My background has turned blue and there is yellow text saying that I have spyware and should click on the link to get rid of it. I also get messages in my desktop tray at random that look like Windows alerts, but they take me to the same site as the link on the desktop. It makes fake Windows security windows that contain the same link yet again.

So I was wondering if anyone could help me. I ran that DSS program that you have available on here and it says I should post a log for someone to look at, so here ya go.


Deckard's System Scanner v20071014.68
Run by Jamie on 2008-03-01 17:58:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2008-03-01 22:58:41 UTC - RP42 - Deckard's System Scanner Restore Point
41: 2008-03-01 21:45:53 UTC - RP41 - Installed Ad-Aware 2007
40: 2008-02-29 21:22:25 UTC - RP40 - System Checkpoint
39: 2008-02-28 12:02:09 UTC - RP39 - System Checkpoint
38: 2008-02-27 04:34:29 UTC - RP38 - System Checkpoint


-- First Restore Point --
1: 2008-01-30 01:58:09 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-01 17:59:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jamie\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b652a4c2-1dd1-11b2-8632-cbb17eccefd0} - C:\WINDOWS\wzyfqpcd.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [sjspmnyv] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\sjspmnyv.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\webHancer\Programs\webhdll.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: https://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: https://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: https://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: https://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201659533162
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 10126 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-01 17:14:25 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-02-01 and 2008-03-01 -----------------------------

2008-03-01 17:59:51 8704 --a------ C:\WINDOWS\xadbrk.dll
2008-03-01 17:59:51 9984 --a------ C:\WINDOWS\liqui.dll
2008-03-01 17:59:51 32512 --a------ C:\WINDOWS\kkcomp.dll
2008-03-01 17:59:50 23296 --a------ C:\WINDOWS\pbsysie.dll
2008-03-01 17:59:50 17920 --a------ C:\WINDOWS\liqad.dll
2008-03-01 17:59:50 29440 --a------ C:\WINDOWS\kvnab.exe
2008-03-01 17:59:50 15360 --a------ C:\WINDOWS\kvnab.dll
2008-03-01 17:59:50 15616 --a------ C:\WINDOWS\kvnab$.exe
2008-03-01 17:59:49 11520 --a------ C:\WINDOWS\wbeCheck.exe
2008-03-01 17:59:49 0 d-------- C:\Program Files\Accoona
2008-03-01 17:59:49 0 d-------- C:\Program Files\3721
2008-03-01 17:49:32 0 d-------- C:\Documents and Settings\Jamie\Application Data\Mozilla
2008-03-01 17:25:31 12544 --a------ C:\WINDOWS\vxddsk.exe
2008-03-01 17:25:31 15872 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-03-01 17:03:59 21248 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-03-01 17:03:59 28160 --a------ C:\WINDOWS\liqui.exe
2008-03-01 17:03:59 24320 --a------ C:\WINDOWS\fhfmm.exe
2008-03-01 17:03:58 9984 --a------ C:\WINDOWS\xadbrk_.exe
2008-03-01 17:03:58 9472 --a------ C:\WINDOWS\xadbrk.exe
2008-03-01 17:03:58 9472 --a------ C:\WINDOWS\liqad.exe
2008-03-01 17:03:58 12800 --a------ C:\WINDOWS\liqad$.exe
2008-03-01 17:03:58 10240 --a------ C:\WINDOWS\kkcomp.exe
2008-03-01 17:03:58 15872 --a------ C:\WINDOWS\kkcomp$.exe
2008-03-01 17:03:58 21248 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-03-01 17:03:57 26368 --a------ C:\WINDOWS\hcwprn.exe
2008-03-01 17:03:57 22784 --a------ C:\WINDOWS\cbinst$.exe
2008-03-01 17:03:56 14336 --a------ C:\WINDOWS\wbeInst$.exe
2008-03-01 17:03:54 22272 --a------ C:\WINDOWS\ie_32.exe
2008-03-01 17:03:54 12032 --a------ C:\WINDOWS\aconti.exe
2008-03-01 17:03:54 0 d-------- C:\Program Files\amsys
2008-03-01 17:03:53 26112 --a------ C:\WINDOWS\xxxvideo.exe
2008-03-01 17:03:53 13312 --a------ C:\WINDOWS\hotporn.exe
2008-03-01 17:03:51 13312 --a------ C:\WINDOWS\wml.exe
2008-03-01 17:03:51 22016 --a------ C:\WINDOWS\764.exe
2008-03-01 17:03:51 0 d-------- C:\Program Files\akl
2008-03-01 16:59:53 0 d-------- C:\Program Files\e-zshopper
2008-03-01 16:45:56 0 d-------- C:\Program Files\Lavasoft
2008-03-01 16:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 16:45:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:42:33 18432 --a------ C:\WINDOWS\system32\msole32.exe
2008-03-01 13:42:33 23808 --a------ C:\WINDOWS\eventlowg.dll
2008-03-01 13:42:33 18944 --a------ C:\WINDOWS\daxtime.dll
2008-03-01 13:42:28 20992 --a------ C:\WINDOWS\settn.dll
2008-03-01 13:42:26 30976 --a------ C:\WINDOWS\iexplorr23.dll
2008-03-01 13:42:25 32256 --a------ C:\WINDOWS\jd2002.dll
2008-03-01 13:42:25 24576 --a------ C:\WINDOWS\adbar.dll
2008-03-01 13:42:24 30976 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-03-01 13:42:24 23552 --a------ C:\WINDOWS\spredirect.dll
2008-03-01 13:42:18 0 d-------- C:\WINDOWS\system32\acespy
2008-03-01 13:42:18 30976 --a------ C:\WINDOWS\system32\ace16win.dll
2008-03-01 13:42:17 30976 --a------ C:\WINDOWS\ngd.dll
2008-03-01 13:42:16 8960 --a------ C:\WINDOWS\dp0.dll
2008-03-01 13:42:15 0 d-------- C:\Program Files\p2pnetworks
2008-03-01 13:42:12 8448 --a------ C:\WINDOWS\system32\wml.exe
2008-03-01 13:42:11 13312 --a------ C:\WINDOWS\pbar.dll
2008-03-01 13:42:11 9728 --a------ C:\WINDOWS\flt.dll
2008-03-01 13:42:11 30208 --a------ C:\WINDOWS\7search.dll
2008-03-01 13:27:14 0 d-------- C:\Program Files\webHancer
2008-03-01 13:27:06 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-01 13:27:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-01 13:27:02 89099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-01 13:27:01 86528 --a------ C:\WINDOWS\wzyfqpcd.dll
2008-03-01 13:27:01 0 d-------- C:\Program Files\Batco
2008-03-01 13:27:01 86528 --a------ C:\Documents and Settings\All Users\Application Data\sjspmnyv.dll
2008-03-01 13:26:28 0 d-------- C:\Program Files\QdrDrive
2008-03-01 13:26:11 385024 --a------ C:\WINDOWS\system32\WinNB57.dll <Not Verified; ; MBar IES AFF ATD>
2008-03-01 13:26:11 90112 --a------ C:\WINDOWS\system32\service.exe <Not Verified; M i r a r; M i r a r ErrorDnsTest>
2008-03-01 10:56:22 278793 --a------ C:\WINDOWS\system32\000070.exe
2008-02-23 20:47:35 0 d-------- C:\WINDOWS\Sun
2008-02-18 11:32:39 0 d-------- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
2008-02-17 22:59:45 0 d-------- C:\Documents and Settings\Jamie\Application Data\MSNInstaller
2008-02-15 13:07:38 0 d-------- C:\HyperCD
2008-02-04 22:21:32 0 d-------- C:\Documents and Settings\Jamie\Application Data\Viewpoint
2008-02-04 21:57:28 0 d-------- C:\Documents and Settings\Jamie\Application Data\acccore
2008-02-04 21:56:39 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-04 21:56:14 0 d-------- C:\Program Files\AIM6
2008-02-03 23:02:43 0 d-------- C:\Documents and Settings\Jamie\Application Data\Corel Photo Album
2008-02-02 13:03:34 0 d-------- C:\Documents and Settings\Jamie\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-03-01 17:13:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-01 16:58:21 0 d-------- C:\Program Files\RGB
2008-03-01 16:45:21 0 d-------- C:\Program Files\Common Files
2008-02-16 13:09:14 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-16 13:09:13 88 -r-hs---- C:\WINDOWS\system32\E2681A3CD6.sys
2008-02-05 13:06:57 0 d-------- C:\Program Files\Common Files\AOL
2008-02-04 21:56:51 0 d-------- C:\Program Files\Viewpoint
2008-01-31 13:43:20 0 d-------- C:\Documents and Settings\Jamie\Application Data\AdobeUM
2008-01-31 13:43:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-31 13:43:12 0 d-------- C:\Documents and Settings\Jamie\Application Data\Adobe
2008-01-31 11:10:09 56 -r-hs---- C:\WINDOWS\system32\D63C1A68E2.sys
2008-01-30 04:41:46 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-29 22:38:43 0 d-------- C:\Program Files\DIGStream
2008-01-29 22:23:10 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-29 22:08:27 0 d-------- C:\Program Files\MSXML 4.0
2008-01-29 21:14:35 32 --ahs---- C:\WINDOWS\system32\{67446532-51E5-4624-96E9-F86ED86446B6}.dat
2008-01-29 21:14:35 32 --ahs---- C:\WINDOWS\{266B1F73-8840-4A0E-ADE3-8A3A1F19F35D}.dat
2008-01-29 21:14:07 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-01-29 21:13:41 0 d-------- C:\Program Files\Symantec
2008-01-29 21:13:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Symantec
2008-01-29 21:01:35 0 d--h----- C:\Documents and Settings\Jamie\Application Data\Gtek


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b652a4c2-1dd1-11b2-8632-cbb17eccefd0}]
03/01/2008 01:27 PM 86528 --a------ C:\WINDOWS\wzyfqpcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 04:56 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/09/2005 11:19 PM C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/19/2006 11:25 AM]
"MDNS"="C:\WINDOWS\system32\service.exe" [03/01/2008 01:26 PM]
"sjspmnyv"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\sjspmnyv.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-03-01 18:01:11 ------------



#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello ChrisCox86

Welcome to G2Go. :)
=====================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
ChrisCox86

    New Member

  • Topic Starter
  • Member
  • 5 posts
Here's the HijackThis first:

Deckard's System Scanner v20071014.68
Run by Jamie on 2008-03-04 11:20:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jamie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:38 AM, on 3/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jamie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jamie.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201659533162
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8857 bytes

-- Files created between 2008-02-04 and 2008-03-04 -----------------------------

2008-03-04 11:21:09 0 d-------- C:\Program Files\Trend Micro
2008-03-04 11:17:14 31232 --a------ C:\WINDOWS\eventlowg.dll
2008-03-04 11:17:13 32768 --a------ C:\WINDOWS\daxtime.dll
2008-03-04 11:17:12 26112 --a------ C:\WINDOWS\system32\msole32.exe
2008-03-04 11:17:11 21504 --a------ C:\WINDOWS\liqui.exe
2008-03-04 11:17:11 13824 --a------ C:\WINDOWS\liqui.dll
2008-03-04 11:17:10 14848 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-03-04 11:17:10 31232 --a------ C:\WINDOWS\fhfmm.exe
2008-03-04 11:17:09 18176 --a------ C:\WINDOWS\xadbrk_.exe
2008-03-04 11:17:09 10496 --a------ C:\WINDOWS\xadbrk.exe
2008-03-04 11:17:09 9472 --a------ C:\WINDOWS\xadbrk.dll
2008-03-04 11:17:09 17152 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-03-04 11:17:08 32000 --a------ C:\WINDOWS\liqad.dll
2008-03-04 11:17:08 14336 --a------ C:\WINDOWS\kkcomp.exe
2008-03-04 11:17:08 15872 --a------ C:\WINDOWS\kkcomp.dll
2008-03-04 11:17:08 11520 --a------ C:\WINDOWS\kkcomp$.exe
2008-03-04 11:17:07 30208 --a------ C:\WINDOWS\liqad.exe
2008-03-04 11:17:06 32512 --a------ C:\WINDOWS\liqad$.exe
2008-03-04 11:17:05 16384 --a------ C:\WINDOWS\kvnab.exe
2008-03-04 11:17:05 15616 --a------ C:\WINDOWS\kvnab.dll
2008-03-04 11:17:04 29952 --a------ C:\WINDOWS\kvnab$.exe
2008-03-04 11:17:03 29184 --a------ C:\WINDOWS\settn.dll
2008-03-04 11:17:03 30208 --a------ C:\WINDOWS\hcwprn.exe
2008-03-04 11:17:02 11008 --a------ C:\WINDOWS\cbinst$.exe
2008-03-04 11:17:01 24064 --a------ C:\WINDOWS\wbeInst$.exe
2008-03-04 11:17:01 10752 --a------ C:\WINDOWS\wbeCheck.exe
2008-03-04 11:17:01 19456 --a------ C:\WINDOWS\pbsysie.dll
2008-03-04 11:17:01 27136 --a------ C:\WINDOWS\iexplorr23.dll
2008-03-04 11:17:00 32256 --a------ C:\WINDOWS\jd2002.dll
2008-03-04 11:17:00 14080 --a------ C:\WINDOWS\adbar.dll
2008-03-04 11:16:59 19712 --a------ C:\WINDOWS\spredirect.dll
2008-03-04 11:16:58 14336 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-03-04 11:16:58 0 d-------- C:\Program Files\e-zshopper
2008-03-04 11:16:54 0 d-------- C:\Program Files\amsys
2008-03-04 11:16:51 18432 --a------ C:\WINDOWS\ie_32.exe
2008-03-04 11:16:51 11776 --a------ C:\WINDOWS\aconti.exe
2008-03-04 11:16:50 0 d-------- C:\WINDOWS\system32\acespy
2008-03-04 11:16:50 16640 --a------ C:\WINDOWS\system32\ace16win.dll
2008-03-04 11:16:49 11520 --a------ C:\WINDOWS\xxxvideo.exe
2008-03-04 11:16:49 19200 --a------ C:\WINDOWS\ngd.dll
2008-03-04 11:16:49 31232 --a------ C:\WINDOWS\hotporn.exe
2008-03-04 11:16:49 0 d-------- C:\Program Files\Accoona
2008-03-04 11:16:47 12544 --a------ C:\WINDOWS\dp0.dll
2008-03-04 11:16:46 0 d-------- C:\Program Files\p2pnetworks
2008-03-04 11:16:42 30208 --a------ C:\WINDOWS\vxddsk.exe
2008-03-04 11:16:42 0 d-------- C:\Program Files\akl
2008-03-04 11:16:41 10752 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-03-04 11:16:40 29440 --a------ C:\WINDOWS\system32\wml.exe
2008-03-04 11:16:39 26112 --a------ C:\WINDOWS\wml.exe
2008-03-04 11:16:39 30464 --a------ C:\WINDOWS\7search.dll
2008-03-04 11:16:38 17152 --a------ C:\WINDOWS\flt.dll
2008-03-04 11:16:37 20736 --a------ C:\WINDOWS\pbar.dll
2008-03-04 11:16:37 17664 --a------ C:\WINDOWS\764.exe
2008-03-04 11:16:34 0 d-------- C:\Program Files\3721
2008-03-04 11:12:37 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-04 11:12:37 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-04 11:12:36 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-04 11:12:36 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-03 18:59:38 0 d-------- C:\Program Files\SpyAway
2008-03-01 18:44:34 0 d--h----- C:\WINDOWS\PIF
2008-03-01 18:15:18 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 17:49:32 0 d-------- C:\Documents and Settings\Jamie\Application Data\Mozilla
2008-03-01 16:45:56 0 d-------- C:\Program Files\Lavasoft
2008-03-01 16:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 16:45:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:27:06 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-01 13:27:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-01 13:27:02 89099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-01 13:27:01 0 d-------- C:\Program Files\Batco
2008-03-01 13:26:11 385024 --a------ C:\WINDOWS\system32\WinNB57.dll <Not Verified; ; MBar IES AFF ATD>
2008-02-23 20:47:35 0 d-------- C:\WINDOWS\Sun
2008-02-18 11:32:39 0 d-------- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
2008-02-17 22:59:45 0 d-------- C:\Documents and Settings\Jamie\Application Data\MSNInstaller
2008-02-15 13:07:38 0 d-------- C:\HyperCD
2008-02-04 22:21:32 0 d-------- C:\Documents and Settings\Jamie\Application Data\Viewpoint
2008-02-04 21:57:28 0 d-------- C:\Documents and Settings\Jamie\Application Data\acccore
2008-02-04 21:56:39 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-04 21:56:14 0 d-------- C:\Program Files\AIM6


-- Find3M Report ---------------------------------------------------------------

2008-03-04 11:20:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-01 16:58:21 0 d-------- C:\Program Files\RGB
2008-03-01 16:45:21 0 d-------- C:\Program Files\Common Files
2008-02-16 13:09:14 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-16 13:09:13 88 -r-hs---- C:\WINDOWS\system32\E2681A3CD6.sys
2008-02-05 13:06:57 0 d-------- C:\Program Files\Common Files\AOL
2008-02-04 21:56:51 0 d-------- C:\Program Files\Viewpoint
2008-02-03 23:02:43 0 d-------- C:\Documents and Settings\Jamie\Application Data\Corel Photo Album
2008-02-02 13:03:34 0 d-------- C:\Documents and Settings\Jamie\Application Data\Macromedia
2008-01-31 13:43:20 0 d-------- C:\Documents and Settings\Jamie\Application Data\AdobeUM
2008-01-31 13:43:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-31 13:43:12 0 d-------- C:\Documents and Settings\Jamie\Application Data\Adobe
2008-01-31 11:10:09 56 -r-hs---- C:\WINDOWS\system32\D63C1A68E2.sys
2008-01-30 04:41:46 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-29 22:38:43 0 d-------- C:\Program Files\DIGStream
2008-01-29 22:23:10 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-29 22:08:27 0 d-------- C:\Program Files\MSXML 4.0
2008-01-29 21:14:35 32 --ahs---- C:\WINDOWS\system32\{67446532-51E5-4624-96E9-F86ED86446B6}.dat
2008-01-29 21:14:35 32 --ahs---- C:\WINDOWS\{266B1F73-8840-4A0E-ADE3-8A3A1F19F35D}.dat
2008-01-29 21:14:07 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-01-29 21:13:41 0 d-------- C:\Program Files\Symantec
2008-01-29 21:13:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Symantec
2008-01-29 21:01:35 0 d--h----- C:\Documents and Settings\Jamie\Application Data\Gtek


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 04:56 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/09/2005 11:19 PM C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/19/2006 11:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-03-04 11:22:44 ------------

#4 ChrisCox86 (New Member, Topic Starter, 5 posts)
Now the ComboFix report:

ComboFix 08-03-04.2 - Jamie 2008-03-04 11:13:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT -5:00]
Running from: C:\Documents and Settings\Jamie\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\sjspmnyv.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\wzyfqpcd.dll
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 18:59 . 2008-03-03 19:03 <DIR> d-------- C:\Program Files\SpyAway
2008-03-03 12:17 . 2004-08-10 05:00 388,608 --a------ C:\CF32361.exe
2008-03-01 18:44 . 2008-03-01 18:44 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-01 18:44 . 2008-03-01 18:44 2,855 --a------ C:\WINDOWS\Shortcut to wbeInst$.exe.pif
2008-03-01 18:15 . 2008-03-03 19:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 16:45 . 2008-03-01 16:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-01 16:45 . 2008-03-01 16:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 16:45 . 2008-03-01 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 13:27 . 2008-03-01 17:03 <DIR> d-------- C:\Program Files\Batco
2008-03-01 13:27 . 2008-03-01 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-01 13:27 . 2008-03-01 13:27 89,099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-01 13:27 . 2008-03-01 13:27 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-01 13:26 . 2008-01-25 20:01 385,024 --a------ C:\WINDOWS\system32\WinNB57.dll
2008-03-01 08:24 . 2008-03-01 08:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 08:24 . 2008-03-01 08:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-23 20:47 . 2008-02-23 20:47 <DIR> d-------- C:\WINDOWS\Sun
2008-02-18 11:32 . 2008-02-18 11:32 <DIR> d-------- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
2008-02-17 22:59 . 2008-02-17 22:59 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\MSNInstaller
2008-02-15 13:07 . 2008-02-15 13:07 <DIR> d-------- C:\HyperCD
2008-02-05 13:06 . 2008-02-05 13:06 2 --a------ C:\WINDOWS\msoffice.ini
2008-02-04 22:21 . 2008-02-04 22:21 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\Viewpoint
2008-02-04 21:57 . 2008-02-04 21:57 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\acccore
2008-02-04 21:56 . 2008-02-04 21:57 <DIR> d-------- C:\Program Files\AIM6
2008-02-04 21:56 . 2008-02-04 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 21:58 --------- d-----w C:\Program Files\RGB
2008-02-16 18:09 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-05 18:06 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-05 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-05 02:56 --------- d-----w C:\Program Files\Viewpoint
2008-02-05 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-04 04:02 --------- d-----w C:\Documents and Settings\Jamie\Application Data\Corel Photo Album
2008-01-31 18:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 18:43 --------- d-----w C:\Documents and Settings\Jamie\Application Data\AdobeUM
2008-01-30 09:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-30 03:38 --------- d-----w C:\Program Files\DIGStream
2008-01-30 03:23 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-30 03:08 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-30 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 02:13 --------- d-----w C:\Program Files\Symantec
2008-01-30 02:13 --------- d-----w C:\Documents and Settings\Jamie\Application Data\Symantec
2008-01-30 02:01 --------- d--h--w C:\Documents and Settings\Jamie\Application Data\Gtek
2008-01-30 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-30 02:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 04:56 761947]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-19 11:25 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 19:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 19:20 110592 C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-19 11:25 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-04-19 11:25 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 15:11:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 11:16:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-04 11:16:49
ComboFix-quarantined-files.txt 2008-03-04 16:16:29
.
2008-02-13 17:16:32 --- E O F ---

#5 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
1. Please open Notepad:
  • Click Start, then Run.
  • Type notepad in the Run box, then click OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\CF32361.exe
C:\WINDOWS\Shortcut to wbeInst$.exe.pif
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
Folder::
C:\Program Files\SpyAway
C:\Program Files\Batco
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Jamie\Application Data\Viewpoint
C:\Program Files\Viewpoint
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
Driver::
Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt onto ComboFix.exe, as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.txt dragged onto ComboFix.exe]


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

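The CFScript above does three kinds of registry work: it deletes the DisableTaskMgr policy in both hives, zeroes the Security Center AntiVirusOverride value, and zeroes DisableMonitoring for the Symantec entry. The following is an added example for this page, not code from the post, from ComboFix or from HijackThis: a small parser for the REGEDIT4-style fragments that ComboFix prints in its "Reg Loading Points" section (and that a CFScript Registry:: block uses), plus an audit that flags the values a rogue anti-spyware product typically tampers with. The indicator table is this example's assumption about what is worth flagging; the sample fragment is constructed from values on this page, with DisableTaskMgr=1 and AntiVirusOverride=1 filled in as the pre-cleanup state the script's deletions imply. DisableMonitoring is reported as "confirm" rather than "tamper" because Symantec products typically set that value themselves, which is consistent with the second ComboFix log above still listing it as dword:00000001 after the script ran.

```python
"""Audit a REGEDIT4-style fragment for Security Center / policy tampering.

Added example for this page (not ComboFix's or HijackThis's own code).
Handles three line shapes seen in the logs above:
  [KEY]                      -> a key header
  "Name"=dword:00000001      -> a value (a CFScript "=-" means delete)
  \\Shell\\AutoRun\\command - X -> the mountpoints2 AutoRun line ComboFix prints
"""
import re
from typing import Dict, List, Optional, Tuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
AUTORUN_NAME = "\\Shell\\AutoRun\\command"  # synthetic value name for AutoRun lines

# Assumed indicator table (not something the tools emit).
POLICY_KEYS = (
    "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\policies\\system",
    "hkey_current_user\\software\\microsoft\\windows\\currentversion\\policies\\system",
)
POLICY_VALUES = ("DisableTaskMgr", "DisableRegistryTools")
SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
SC_VALUES = ("AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
             "FirewallDisableNotify", "UpdatesDisableNotify")


def parse_reg_fragment(text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Return {lower-cased key: {value name: raw data}}; '=-' is stored as None."""
    keys: Dict[str, Dict[str, Optional[str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("REGEDIT4", "Registry::"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        if current is None:  # value line before any key header: ignore
            continue
        m = VALUE_RE.match(line)
        if m:
            data = m.group("data")
            keys[current][m.group("name")] = None if data == "-" else data
            continue
        m = AUTORUN_RE.match(line)
        if m:
            keys[current][AUTORUN_NAME] = m.group("cmd")
    return keys


def dword_is_set(data: Optional[str]) -> bool:
    """True for a non-zero dword value; False for missing, deleted or non-dword data."""
    return data is not None and data.lower().startswith("dword:") and int(data[6:], 16) != 0


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (value path, reason) pairs for every indicator present in the fragment."""
    reg = parse_reg_fragment(text)
    findings: List[Tuple[str, str]] = []
    for key in POLICY_KEYS:
        for name in POLICY_VALUES:
            if dword_is_set(reg.get(key, {}).get(name)):
                findings.append((f"{key}\\{name}", "tamper: tool disabled by policy"))
    for name in SC_VALUES:
        if dword_is_set(reg.get(SECURITY_CENTER, {}).get(name)):
            findings.append((f"{SECURITY_CENTER}\\{name}", "tamper: Security Center alert suppressed"))
    for key, values in reg.items():
        if key.startswith(SECURITY_CENTER + "\\monitoring\\") and dword_is_set(values.get("DisableMonitoring")):
            findings.append((f"{key}\\DisableMonitoring",
                             "confirm: Security Center told not to monitor this product"))
        if "\\explorer\\mountpoints2\\" in key and AUTORUN_NAME in values:
            cmd = values[AUTORUN_NAME]
            findings.append((key, f"check: AutoRun command registered for a volume: {cmd}"))
    return findings


# Constructed sample built from values on this page; the two =1 policy/override
# values are the assumed pre-cleanup state the CFScript deletions imply.
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{reason}\n    {path}")
```

Run against the fragment above it reports four items: the Task Manager policy and the AntiVirusOverride as tampering, the Symantec DisableMonitoring as something to confirm, and the E:\setup.exe AutoRun on the mountpoints2 key as a volume to check (on this page that is a CD/DVD setup stub, so it is an ordinary finding, not proof of infection). Feeding it the CFScript's Registry:: block instead yields no findings, since "=-" parses as a deletion and a zeroed dword is not set.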

#6 ChrisCox86 (Topic Starter)
First is the ComboFix log.

ComboFix 08-03-04.2 - Jamie 2008-03-05 10:01:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510 [GMT -5:00]
Running from: C:\Documents and Settings\Jamie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jamie\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\CF32361.exe
C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
C:\WINDOWS\Shortcut to wbeInst$.exe.pif
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\WinNB57.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CF32361.exe
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Jamie\Application Data\Viewpoint
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1650514018.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-532422749.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-63503002.swf
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\170555914.swf
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1806836137.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1857989002.swf
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\617277824.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\902493430.mtz
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1128607594.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1327187542.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-2073281855.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-283959102.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1060114281.mtz
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1505643891.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\914847292.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1849393718.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-2014189944.swf
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-2068688266.mtz
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-2114108058.swf
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-300094071.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-517971225.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1389759543.mzv
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1802913530.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\2029675698.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\460113803.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\465838257.mzv
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1560069467.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1551940033.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\306357989.swf
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\455471290.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\902493437.mts
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Jamie\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Batco
C:\Program Files\Batco\bat.dll
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\SpyAway
C:\Program Files\SpyAway\stat.bin
C:\Program Files\SpyAway\uninstall.exe
C:\Program Files\SpyAway\uninstall.log
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\Shortcut to wbeInst$.exe.pif
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\WinNB57.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 11:21 . 2008-03-04 11:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 18:44 . 2008-03-01 18:44 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-01 18:15 . 2008-03-03 19:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 16:45 . 2008-03-01 16:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-01 16:45 . 2008-03-01 16:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 16:45 . 2008-03-01 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 08:24 . 2008-03-01 08:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 08:24 . 2008-03-01 08:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-23 20:47 . 2008-02-23 20:47 <DIR> d-------- C:\WINDOWS\Sun
2008-02-18 11:32 . 2008-02-18 11:32 <DIR> d-------- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
2008-02-17 22:59 . 2008-02-17 22:59 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\MSNInstaller
2008-02-15 13:07 . 2008-02-15 13:07 <DIR> d-------- C:\HyperCD
2008-02-05 13:06 . 2008-02-05 13:06 2 --a------ C:\WINDOWS\msoffice.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 15:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 21:58 --------- d-----w C:\Program Files\RGB
2008-02-16 18:09 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-05 18:06 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-05 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-05 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-05 02:57 --------- d-----w C:\Program Files\AIM6
2008-02-05 02:57 --------- d-----w C:\Documents and Settings\Jamie\Application Data\acccore
2008-02-05 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-04 04:02 --------- d-----w C:\Documents and Settings\Jamie\Application Data\Corel Photo Album
2008-01-31 18:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 18:43 --------- d-----w C:\Documents and Settings\Jamie\Application Data\AdobeUM
2008-01-30 09:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-30 03:38 --------- d-----w C:\Program Files\DIGStream
2008-01-30 03:23 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-30 03:08 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-30 02:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-30 02:13 --------- d-----w C:\Program Files\Symantec
2008-01-30 02:13 --------- d-----w C:\Documents and Settings\Jamie\Application Data\Symantec
2008-01-30 02:01 --------- d--h--w C:\Documents and Settings\Jamie\Application Data\Gtek
2008-01-30 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-30 02:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 04:56 761947]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-19 11:25 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 03:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 19:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 19:20 110592 C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-19 11:25 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-04-19 11:25 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-05 15:06:41 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 10:05:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-03-05 10:08:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-05 15:08:21
ComboFix2.txt 2008-03-04 16:16:51
.
2008-02-13 17:16:32 --- E O F ---

#7 ChrisCox86 (Topic Starter)
And now the HijackThis report:

Deckard's System Scanner v20071014.68
Run by Jamie on 2008-03-05 10:08:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jamie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:01 AM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jamie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jamie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201659533162
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6877 bytes

-- Files created between 2008-02-05 and 2008-03-05 -----------------------------

2008-03-04 11:21:09 0 d-------- C:\Program Files\Trend Micro
2008-03-04 11:12:37 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-04 11:12:37 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-04 11:12:36 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-04 11:12:36 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-01 18:44:34 0 d--h----- C:\WINDOWS\PIF
2008-03-01 18:15:18 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 17:49:32 0 d-------- C:\Documents and Settings\Jamie\Application Data\Mozilla
2008-03-01 16:45:56 0 d-------- C:\Program Files\Lavasoft
2008-03-01 16:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 16:45:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 20:47:35 0 d-------- C:\WINDOWS\Sun
2008-02-18 11:32:39 0 d-------- C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
2008-02-17 22:59:45 0 d-------- C:\Documents and Settings\Jamie\Application Data\MSNInstaller
2008-02-15 13:07:38 0 d-------- C:\HyperCD


-- Find3M Report ---------------------------------------------------------------

2008-03-05 10:05:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-01 16:58:21 0 d-------- C:\Program Files\RGB
2008-03-01 16:45:21 0 d-------- C:\Program Files\Common Files
2008-02-16 13:09:14 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-16 13:09:13 88 -r-hs---- C:\WINDOWS\system32\E2681A3CD6.sys
2008-02-05 13:06:57 0 d-------- C:\Program Files\Common Files\AOL
2008-02-04 21:57:30 0 d-------- C:\Documents and Settings\Jamie\Application Data\acccore
2008-02-04 21:57:04 0 d-------- C:\Program Files\AIM6
2008-02-03 23:02:43 0 d-------- C:\Documents and Settings\Jamie\Application Data\Corel Photo Album
2008-02-02 13:03:34 0 d-------- C:\Documents and Settings\Jamie\Application Data\Macromedia
2008-01-31 13:43:20 0 d-------- C:\Documents and Settings\Jamie\Application Data\AdobeUM
2008-01-31 13:43:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-31 13:43:12 0 d-------- C:\Documents and Settings\Jamie\Application Data\Adobe
2008-01-31 11:10:09 56 -r-hs---- C:\WINDOWS\system32\D63C1A68E2.sys
2008-01-30 04:41:46 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-29 22:38:43 0 d-------- C:\Program Files\DIGStream
2008-01-29 22:23:10 0 d-------- C:\Program Files\Norton AntiVirus
2008-01-29 22:08:27 0 d-------- C:\Program Files\MSXML 4.0
2008-01-29 21:14:35 32 --ahs---- C:\WINDOWS\system32\{67446532-51E5-4624-96E9-F86ED86446B6}.dat
2008-01-29 21:14:35 32 --ahs---- C:\WINDOWS\{266B1F73-8840-4A0E-ADE3-8A3A1F19F35D}.dat
2008-01-29 21:14:07 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-01-29 21:13:41 0 d-------- C:\Program Files\Symantec
2008-01-29 21:13:21 0 d-------- C:\Documents and Settings\Jamie\Application Data\Symantec
2008-01-29 21:01:35 0 d--h----- C:\Documents and Settings\Jamie\Application Data\Gtek


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 04:56 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/09/2005 11:19 PM C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 05:20 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/19/2006 11:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-03-05 10:09:22 ------------

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\{67446532-51E5-4624-96E9-F86ED86446B6}.dat
    C:\WINDOWS\{266B1F73-8840-4A0E-ADE3-8A3A1F19F35D}.dat
    C:\WINDOWS\47D5D869FE574F2FA35883CFAA7B4968.TMP
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================
Then:
Please download SUPERAntiSpyware Home Edition (free version).
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Scan for Alternate Data streams
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
1. After reboot, double-click the SUPERAntispyware icon on your desktop.
2. Click Preferences. Click the Statistics/Logs tab.
3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
4. It will open in your default text editor (such as Notepad/Wordpad).
5. Please highlight everything in the notepad, then right-click and choose copy.
6. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log.