ad.yieldmanager malware [RESOLVED]



#1
Mardukas

Hey there, for the last week or so I've had really laggy image and website loads, and every time it lags I get the egg timer mouse and text saying it's loading things from sites such as m.md.uk.net, ad.yieldmanager and several others. Apart from severely crippling my Firefox, this malware also replaces images with ones that say "your computer is infected" and replaces banners along the same principle, but when the banners are replaced it plays a looped 'dong' sound for an infinite timescale. This is causing me extreme frustration, and NOD32 ESET, Ad-Aware, avast!, Spyware Doctor and SpywareBlaster have all failed to kill whatever it is that caused the infection. Spyware Doctor has claimed to have deleted the files but they always seem to return and lag me to annoyance. The initial problem arose when I think I was bugged with 'Trustedantivirus' and a program which claimed to remove it furthered the infection. Though I thought Trusted Antivirus was dead, in looking at my startup console earlier I realised it had 2 programs booting on startup, but cancelling the progress hasn't fixed things. Here's my HijackThis readouts.

thanks for any help ye can give me

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:39:37, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\will\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.aber.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1116CBC3-5726-5EFB-0A1B-2B00BCB788C7} - (no file)
O2 - BHO: (no name) - {124699C7-5576-0EFA-511B-2B00BCB78BC4} - (no file)
O2 - BHO: 0 - {44DF77FC-4C5C-4F58-FEA7-4D752E6A9705} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ptask] C:\Program Files\TrustedAntivirus\ptask.exe
O4 - HKLM\..\Run: [TrustedAntivirus] C:\Program Files\TrustedAntivirus\pgs.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{FA-A7-75-55-DW}] C:\WINDOWS\system32\b4\sysdr659.exe DWram
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BM479c9466] Rundll32.exe "C:\WINDOWS\system32\onwsqnky.dll",s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\b4\sysdr659.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrponm - rqrponm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10456 bytes


Ad-Aware 2007
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver (Omega 3.8.442)
AVG Anti-Spyware 7.5
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
Combined Community Codec Pack 2007-07-22
Dawn of War - Soulstorm
Easy Button
ESET NOD32 Antivirus
Google Desktop
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Hamachi 1.0.2.5
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InterActual Player
InterVideo WinDVD for TOSHIBA
Iomega Automatic Backup
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
LiveUpdate 1.90 (Symantec Corporation)
Macromedia Flash Player
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB936181)
MultiRes (remove only)
myTunes Redux 1.0
Norton WMI Update
Picasa 2
QuickTime
RABCO
Radeon Omega Drivers v4.8.442 Setup Files and Tools
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Return to Castle Wolfenstein
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SMSC IrCC V5.1.3600.5
Spybot - Search & Destroy
Spyware Doctor 5.5
SpywareBlaster 4.0
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
SUPERAntiSpyware Free Edition
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Management Utility
TOSHIBA Software Modem
TOSHIBA Zooming Utility
Total Commander (Remove or Repair)
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6d
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver


#2
Tigger93

Hello and Welcome to Geekstogo! :)

Sorry for the delay.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
Mardukas

ere ye go. thanks fer the reply :-)

ComboFix 08-03-23.2 - will 2008-03-23 23:47:07.1 - NTFSx86
Running from: C:\Documents and Settings\will\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF16715.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\will\My Documents\ASEMBL~1
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\RABCO
C:\Program Files\RABCO\ExecutionDll.dll
C:\Program Files\RABCO\RABCO.dll
C:\Program Files\RABCO\RABCO.dll.intermediate.manifest
C:\Program Files\RABCO\RABCOse.exe
C:\Program Files\RABCO\RABCOse.info
C:\Program Files\RABCO\RABCOse.original
C:\Program Files\RABCO\Setup.log
C:\Program Files\RABCO\un_RABCOSetup_16230.exe
C:\Program Files\RABCO\un_RABCOSetup_16230.txt
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\RABCO\X_RABCOse.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM479c9466.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\b4
C:\WINDOWS\system32\b4\sysdr659.exe
C:\WINDOWS\system32\bphivbng.dll
C:\WINDOWS\system32\hxllnhne.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\khfdebx.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\n5
C:\WINDOWS\system32\n5\madn1107.exe
C:\WINDOWS\system32\onwsqnky.dll
C:\WINDOWS\system32\t2
C:\WINDOWS\system32\x1
C:\WINDOWS\system32\x1\crecomdll1.exe
C:\WINDOWS\system32\ybeeg.ini2
C:\WINDOWS\system32\z8
C:\WINDOWS\system32\z8\key89104.exe
C:\WINDOWS\tsks~1
C:\WINDOWS\tsks~1\T?sks\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 12:56 . 2008-03-23 13:32 <DIR> d-------- C:\Program Files\EphPod
2008-03-22 18:51 . 2008-03-22 18:53 <DIR> d-------- C:\Program Files\Winamp
2008-03-22 18:51 . 2008-03-23 04:13 <DIR> d-------- C:\Documents and Settings\will\Application Data\Winamp
2008-03-22 18:51 . 2007-03-07 23:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-22 00:14 . 2008-03-22 04:02 <DIR> d-------- C:\Documents and Settings\will\Application Data\ICQ
2008-03-22 00:13 . 2008-03-22 01:05 <DIR> d-------- C:\Program Files\ICQ6
2008-03-19 13:31 . 2008-03-19 13:31 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-03-19 13:30 . 2008-03-23 00:12 <DIR> d-------- C:\Program Files\Hitman Pro
2008-03-19 02:26 . 2008-03-19 02:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-19 02:26 . 2008-03-19 02:26 <DIR> d-------- C:\Documents and Settings\will\Application Data\SUPERAntiSpyware.com
2008-03-19 02:26 . 2008-03-19 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-19 01:07 . 2008-03-19 01:07 <DIR> d-------- C:\Documents and Settings\will\Application Data\Grisoft
2008-03-19 01:07 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-19 01:06 . 2008-03-19 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-18 23:49 . 2008-03-23 23:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 23:49 . 2008-03-18 23:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 22:11 . 2008-03-18 22:11 0 --a------ C:\WINDOWS\TPTray.INI
2008-03-18 20:23 . 2008-03-18 21:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-18 20:23 . 2008-03-18 20:23 <DIR> d-------- C:\Documents and Settings\will\Application Data\PC Tools
2008-03-18 20:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-18 20:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-18 20:23 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-18 20:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-15 02:03 . 2008-03-15 02:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-15 02:03 . 2008-03-15 02:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 02:01 . 2008-03-19 02:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 00:11 . 2006-10-05 02:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-15 00:11 . 2006-10-05 02:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-15 00:10 . 2008-03-15 00:11 <DIR> d-------- C:\Program Files\Picasa2
2008-03-15 00:08 . 2008-03-15 00:08 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-03-15 00:03 . 2008-03-15 00:08 <DIR> d-------- C:\Program Files\Google
2008-03-15 00:03 . 2008-03-23 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-14 23:44 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-14 23:43 . 2008-03-14 23:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-14 06:14 . 2008-03-14 23:48 1,347,044 ---hs---- C:\WINDOWS\system32\coboqlqu.ini
2008-03-13 23:36 . 2008-03-13 23:36 <DIR> d-------- C:\Documents and Settings\will\Application Data\atitray
2008-03-13 21:25 . 2007-12-07 02:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-13 21:25 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-13 21:25 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-13 21:25 . 2007-12-07 02:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-13 21:25 . 2007-12-07 02:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-13 21:25 . 2007-12-07 02:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-13 21:25 . 2007-12-07 02:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-13 21:25 . 2007-12-07 02:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-13 21:25 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-13 21:25 . 2007-12-06 11:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-13 06:19 . 2008-03-14 01:42 1,343,315 ---hs---- C:\WINDOWS\system32\gogwdefg.ini
2008-03-11 15:03 . 2008-03-23 21:28 <DIR> d-------- C:\Documents and Settings\will\Application Data\Hamachi
2008-03-11 15:02 . 2008-03-11 15:03 <DIR> d-------- C:\Program Files\Hamachi
2008-03-11 15:02 . 2008-03-11 15:02 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-10 23:13 . 2008-03-10 23:13 <DIR> d-------- C:\Program Files\CDisplay
2008-03-10 16:50 . 2008-03-19 01:43 7,480 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-10 16:36 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-10 16:29 . 2008-03-10 16:29 <DIR> d-------- C:\Program Files\MultiRes
2008-03-10 16:29 . 2006-02-22 01:05 2,060,288 --a------ C:\WINDOWS\system32\atipuixx.dll
2008-03-10 16:29 . 2006-02-22 01:05 274,432 --a------ C:\WINDOWS\system32\atipdsxx.dll
2008-03-10 16:29 . 2007-12-05 02:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-03-10 16:29 . 2007-12-05 02:55 122,880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-03-10 16:29 . 2006-02-22 01:05 114,688 --a------ C:\WINDOWS\system32\atippaxx.dll
2008-03-10 16:29 . 2006-02-22 08:13 6,144 --a------ C:\WINDOWS\system32\atiicdxx.sys
2008-03-10 16:28 . 2008-03-10 16:28 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-03-09 21:45 . 2008-03-09 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-09 21:35 . 2008-03-09 21:45 <DIR> d-------- C:\Program Files\ESET
2008-03-09 16:31 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-09 16:05 . 2008-03-09 16:05 <DIR> d-------- C:\Program Files\THQ
2008-03-09 15:49 . 2008-03-09 15:49 15,360 --ahs---- C:\Thumbs.db
2008-03-09 15:49 . 2008-03-20 22:11 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-09 04:28 . 2008-03-09 04:28 <DIR> d-------- C:\Documents and Settings\will\Application Data\MSNInstaller
2008-03-08 16:22 . 2008-03-17 19:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-08 16:22 . 2008-03-22 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 16:03 . 2008-03-08 16:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-08 15:57 . 2008-03-08 15:57 <DIR> d--hs---- C:\TrustedAntivirus
2008-03-08 15:56 . 2008-03-08 15:56 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-03-08 15:52 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-08 15:52 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-08 15:52 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-08 15:52 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-08 15:52 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-08 15:45 . 2008-03-08 15:45 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-08 15:35 . 2008-03-15 02:22 <DIR> d--hs---- C:\WINDOWS\d2lsbA
2008-03-08 15:35 . 2008-03-23 23:49 <DIR> d-------- C:\Temp
2008-03-08 15:30 . 2008-03-08 15:30 <DIR> d-------- C:\WINDOWS\Sun
2008-03-08 15:19 . 2008-03-08 15:19 <DIR> d-------- C:\Documents and Settings\will\Application Data\DAEMON Tools
2008-03-08 15:19 . 2008-03-08 15:19 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-07 12:06 . 2008-03-07 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-06 17:36 . 2008-03-06 17:36 <DIR> d-------- C:\Program Files\Gravity
2008-03-06 12:31 . 2008-03-21 04:17 48,549 ---h----- C:\treeinfo.wc
2008-03-06 12:14 . 2008-03-07 01:23 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-03-05 22:14 . 2008-03-05 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-05 22:13 . 2008-03-05 23:11 <DIR> d-------- C:\Documents and Settings\will\Application Data\Azureus
2008-03-05 18:26 . 2008-03-05 18:26 <DIR> d-------- C:\Program Files\myTunes Redux
2008-03-05 18:02 . 2008-03-05 18:02 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 20:48 --------- d-----w C:\Documents and Settings\will\Application Data\Apple Computer
2008-03-10 16:28 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-07 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-05 18:02 --------- d-----w C:\Program Files\iTunes
2008-03-05 18:00 --------- d-----w C:\Program Files\QuickTime
2008-03-05 17:26 --------- d-----w C:\Program Files\Windows Live
2008-02-20 11:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 11:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 11:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-16 19:21 --------- d-----w C:\Program Files\InterActual
2008-02-13 15:01 --------- d-----w C:\Documents and Settings\will\Application Data\Iomega Automatic Backup
2008-02-13 00:15 --------- d-----w C:\Documents and Settings\will\Application Data\dvdcss
2008-02-10 18:49 --------- d-----w C:\Documents and Settings\will\Application Data\InterVideo
2008-02-08 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-08 09:17 --------- d-----w C:\Program Files\Symantec
2008-02-08 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-05 16:16 --------- d-----w C:\Program Files\Iomega
2008-02-05 16:14 --------- d-----w C:\Documents and Settings\will\Application Data\Leadertech
2008-02-01 11:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 19:37 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-01-27 22:02 --------- d-----w C:\Program Files\Return to Castle Wolfenstein
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24 65536]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bm"="C:\Program Files\Common Files\TrustedAntivirus\bm.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 00:07 1836544]
"ptask"="C:\Program Files\TrustedAntivirus\ptask.exe" [ ]
"TrustedAntivirus"="C:\Program Files\TrustedAntivirus\pgs.exe" [ ]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 10:32 3014656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-02-09 11:16 299260]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"{FA-A7-75-55-DW}"="C:\WINDOWS\system32\b4\sysdr659.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 16:23 218240]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-18 09:21 135168]
"ATIPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"NDSTray.exe"="NDSTray.exe" []
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 15:07 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 08:02 118784]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 15:23 53248]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-07-07 15:25 712704]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 14:14 643072]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\agrsmmsg.exe]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 10:02 1019904]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 22:54 37376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-15 00:03:56 125624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrponm]
rqrponm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 07:55]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 16:08:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-08-19 12:37:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 23:59:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-24 0:08:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 00:08:14
.
2008-03-23 03:04:12 --- E O F ---








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11:18, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\will\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.aber.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ptask] C:\Program Files\TrustedAntivirus\ptask.exe
O4 - HKLM\..\Run: [TrustedAntivirus] C:\Program Files\TrustedAntivirus\pgs.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{FA-A7-75-55-DW}] C:\WINDOWS\system32\b4\sysdr659.exe DWram
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\b4\sysdr659.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrponm - rqrponm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10161 bytes

#4
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\coboqlqu.ini
C:\WINDOWS\system32\gogwdefg.ini
c:\WINDOWS\system32\rqrponm.dll

Folder::
C:\TrustedAntivirus\
C:\WINDOWS\d2lsbA\
C:\Program Files\Common Files\TrustedAntivirus\
C:\Program Files\TrustedAntivirus\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bm"=-
"ptask"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrponm]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
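A cross-check for the CFScript step above, added here as an example (it is not part of the original posts and is not ComboFix's own code). It reads the script's Registry:: block using standard .reg deletion syntax, compares abridged excerpts of the ComboFix "Reg Loading Points" output posted in this thread before and after the script ran, and flags autostart values that still point into a folder the script deleted. The function names and the abridging of the excerpts are choices made for this example.

```python
import ntpath
import re

# CFScript as posted by the helper in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\coboqlqu.ini
C:\WINDOWS\system32\gogwdefg.ini
c:\WINDOWS\system32\rqrponm.dll

Folder::
C:\TrustedAntivirus\
C:\WINDOWS\d2lsbA\
C:\Program Files\Common Files\TrustedAntivirus\
C:\Program Files\TrustedAntivirus\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bm"=-
"ptask"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrponm]
"""

# Abridged excerpts of the two ComboFix logs in this thread (most lines omitted).
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bm"="C:\Program Files\Common Files\TrustedAntivirus\bm.exe" [ ]
"ptask"="C:\Program Files\TrustedAntivirus\ptask.exe" [ ]
"TrustedAntivirus"="C:\Program Files\TrustedAntivirus\pgs.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrponm]
rqrponm.dll
"""
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrustedAntivirus"="C:\Program Files\TrustedAntivirus\pgs.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"""

SECTION = re.compile(r"^(File|Folder|Registry)::\s*$", re.I)
KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_cfscript(text):
    """Split a CFScript into file, folder and registry deletion targets."""
    out = {"files": [], "folders": [], "del_values": [], "del_keys": []}
    section, key = None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section == "file":
            out["files"].append(line)
        elif section == "folder":
            out["folders"].append(line)
        elif section == "registry":
            k, v = KEY_LINE.match(line), VALUE_LINE.match(line)
            if k and k.group(1):                 # [-KEY] deletes the whole key
                out["del_keys"].append(k.group(2).lower())
                key = None
            elif k:
                key = k.group(2).lower()
            elif v and key and v.group(2).strip() == "-":   # "name"=- deletes one value
                out["del_values"].append((key, v.group(1)))
    return out

def parse_log(text):
    """Collect registry keys and "name"="data" values from a log excerpt."""
    keys, values, key = set(), {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        k, v = KEY_LINE.match(line), VALUE_LINE.match(line)
        if k:
            key = k.group(2).lower()
            keys.add(key)
        elif v and key:
            # The data is the first quoted string; the trailing [..] is log metadata.
            data = re.match(r'"([^"]*)"', v.group(2))
            values[(key, v.group(1).lower())] = (v.group(1), data.group(1) if data else v.group(2))
    return keys, values

def under(path, folder):
    """True if path lies inside folder, using Windows path rules on any OS."""
    p = ntpath.normcase(ntpath.normpath(path))
    f = ntpath.normcase(ntpath.normpath(folder))
    return p.startswith(f + "\\")

def audit(cfscript, before_log, after_log):
    script = parse_cfscript(cfscript)
    b_keys, b_vals = parse_log(before_log)
    a_keys, a_vals = parse_log(after_log)
    report = {"removed": [], "still_present": [], "orphaned_autostarts": []}
    for key, name in script["del_values"]:
        ident = (key, name.lower())
        if ident in a_vals:
            report["still_present"].append(name)
        elif ident in b_vals:
            report["removed"].append(name)
    for key in script["del_keys"]:
        leaf = key.rsplit("\\", 1)[-1]
        if key in a_keys:
            report["still_present"].append(leaf)
        elif key in b_keys:
            report["removed"].append(leaf)
    targeted = {(k, n.lower()) for k, n in script["del_values"]}
    for ident, (name, path) in a_vals.items():
        if ident not in targeted and any(under(path, f) for f in script["folders"]):
            report["orphaned_autostarts"].append((name, path))
    return report

if __name__ == "__main__":
    for section, items in audit(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(section, items)
```

On these excerpts the one flagged entry is the "TrustedAntivirus" value that the second ComboFix log in this thread still lists under the HKLM Run key.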

#5
Mardukas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 08-03-23.2 - will 2008-03-24 0:58:02.2 - NTFSx86
Running from: C:\Documents and Settings\will\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\will\My Documents\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\coboqlqu.ini
C:\WINDOWS\system32\gogwdefg.ini
c:\WINDOWS\system32\rqrponm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\will\Start Menu\Programs\Startup\DW_Start.lnk
C:\TrustedAntivirus\
C:\WINDOWS\d2lsbA\
C:\WINDOWS\system32\coboqlqu.ini
C:\WINDOWS\system32\gogwdefg.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-23 12:56 . 2008-03-23 13:32 <DIR> d-------- C:\Program Files\EphPod
2008-03-22 18:51 . 2008-03-22 18:53 <DIR> d-------- C:\Program Files\Winamp
2008-03-22 18:51 . 2008-03-23 04:13 <DIR> d-------- C:\Documents and Settings\will\Application Data\Winamp
2008-03-22 18:51 . 2007-03-07 23:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-03-22 00:14 . 2008-03-22 04:02 <DIR> d-------- C:\Documents and Settings\will\Application Data\ICQ
2008-03-22 00:13 . 2008-03-22 01:05 <DIR> d-------- C:\Program Files\ICQ6
2008-03-19 13:31 . 2008-03-19 13:31 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-03-19 13:30 . 2008-03-23 00:12 <DIR> d-------- C:\Program Files\Hitman Pro
2008-03-19 02:26 . 2008-03-19 02:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-19 02:26 . 2008-03-19 02:26 <DIR> d-------- C:\Documents and Settings\will\Application Data\SUPERAntiSpyware.com
2008-03-19 02:26 . 2008-03-19 02:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-19 01:07 . 2008-03-19 01:07 <DIR> d-------- C:\Documents and Settings\will\Application Data\Grisoft
2008-03-19 01:07 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-19 01:06 . 2008-03-19 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-18 23:49 . 2008-03-23 23:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 23:49 . 2008-03-18 23:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 22:11 . 2008-03-18 22:11 0 --a------ C:\WINDOWS\TPTray.INI
2008-03-18 20:23 . 2008-03-18 21:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-18 20:23 . 2008-03-18 20:23 <DIR> d-------- C:\Documents and Settings\will\Application Data\PC Tools
2008-03-18 20:23 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-18 20:23 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-18 20:23 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-18 20:23 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-15 02:03 . 2008-03-15 02:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-15 02:03 . 2008-03-15 02:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-15 02:01 . 2008-03-19 02:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 00:11 . 2006-10-05 02:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-15 00:11 . 2006-10-05 02:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-15 00:10 . 2008-03-15 00:11 <DIR> d-------- C:\Program Files\Picasa2
2008-03-15 00:08 . 2008-03-15 00:08 <DIR> d-------- C:\WINDOWS\system32\runtime
2008-03-15 00:03 . 2008-03-15 00:08 <DIR> d-------- C:\Program Files\Google
2008-03-15 00:03 . 2008-03-23 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-14 23:44 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-03-14 23:43 . 2008-03-14 23:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-13 23:36 . 2008-03-13 23:36 <DIR> d-------- C:\Documents and Settings\will\Application Data\atitray
2008-03-13 21:25 . 2007-12-07 02:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-13 21:25 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-13 21:25 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-13 21:25 . 2007-12-07 02:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-13 21:25 . 2007-12-07 02:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-13 21:25 . 2007-12-07 02:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-13 21:25 . 2007-12-07 02:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-13 21:25 . 2007-12-07 02:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-13 21:25 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-13 21:25 . 2007-12-06 11:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-11 15:03 . 2008-03-23 21:28 <DIR> d-------- C:\Documents and Settings\will\Application Data\Hamachi
2008-03-11 15:02 . 2008-03-11 15:03 <DIR> d-------- C:\Program Files\Hamachi
2008-03-11 15:02 . 2008-03-11 15:02 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-10 23:13 . 2008-03-10 23:13 <DIR> d-------- C:\Program Files\CDisplay
2008-03-10 16:50 . 2008-03-19 01:43 7,480 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-10 16:36 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-10 16:29 . 2008-03-10 16:29 <DIR> d-------- C:\Program Files\MultiRes
2008-03-10 16:29 . 2006-02-22 01:05 2,060,288 --a------ C:\WINDOWS\system32\atipuixx.dll
2008-03-10 16:29 . 2006-02-22 01:05 274,432 --a------ C:\WINDOWS\system32\atipdsxx.dll
2008-03-10 16:29 . 2007-12-05 02:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-03-10 16:29 . 2007-12-05 02:55 122,880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-03-10 16:29 . 2006-02-22 01:05 114,688 --a------ C:\WINDOWS\system32\atippaxx.dll
2008-03-10 16:29 . 2006-02-22 08:13 6,144 --a------ C:\WINDOWS\system32\atiicdxx.sys
2008-03-10 16:28 . 2008-03-10 16:28 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-03-09 21:45 . 2008-03-09 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-09 21:35 . 2008-03-09 21:45 <DIR> d-------- C:\Program Files\ESET
2008-03-09 16:31 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-03-09 16:05 . 2008-03-09 16:05 <DIR> d-------- C:\Program Files\THQ
2008-03-09 15:49 . 2008-03-09 15:49 15,360 --ahs---- C:\Thumbs.db
2008-03-09 15:49 . 2008-03-20 22:11 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-09 04:28 . 2008-03-09 04:28 <DIR> d-------- C:\Documents and Settings\will\Application Data\MSNInstaller
2008-03-08 16:22 . 2008-03-17 19:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-08 16:22 . 2008-03-22 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-08 16:03 . 2008-03-08 16:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-08 15:56 . 2008-03-08 15:56 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-03-08 15:52 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-08 15:52 . 2004-10-07 13:39 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-08 15:52 . 2004-10-07 13:39 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-08 15:52 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-08 15:52 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-03-08 15:45 . 2008-03-08 15:45 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-08 15:35 . 2008-03-23 23:49 <DIR> d-------- C:\Temp
2008-03-08 15:30 . 2008-03-08 15:30 <DIR> d-------- C:\WINDOWS\Sun
2008-03-08 15:19 . 2008-03-08 15:19 <DIR> d-------- C:\Documents and Settings\will\Application Data\DAEMON Tools
2008-03-08 15:19 . 2008-03-08 15:19 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-07 12:06 . 2008-03-07 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-06 17:36 . 2008-03-06 17:36 <DIR> d-------- C:\Program Files\Gravity
2008-03-06 12:31 . 2008-03-21 04:17 48,549 ---h----- C:\treeinfo.wc
2008-03-06 12:14 . 2008-03-07 01:23 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-03-05 22:14 . 2008-03-05 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-05 22:13 . 2008-03-05 23:11 <DIR> d-------- C:\Documents and Settings\will\Application Data\Azureus
2008-03-05 18:26 . 2008-03-05 18:26 <DIR> d-------- C:\Program Files\myTunes Redux
2008-03-05 18:02 . 2008-03-05 18:02 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 20:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 00:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 20:48 --------- d-----w C:\Documents and Settings\will\Application Data\Apple Computer
2008-03-10 16:28 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-03-07 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-05 18:02 --------- d-----w C:\Program Files\iTunes
2008-03-05 18:00 --------- d-----w C:\Program Files\QuickTime
2008-03-05 17:26 --------- d-----w C:\Program Files\Windows Live
2008-02-20 11:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 11:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 11:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-16 19:21 --------- d-----w C:\Program Files\InterActual
2008-02-13 15:01 --------- d-----w C:\Documents and Settings\will\Application Data\Iomega Automatic Backup
2008-02-13 00:15 --------- d-----w C:\Documents and Settings\will\Application Data\dvdcss
2008-02-10 18:49 --------- d-----w C:\Documents and Settings\will\Application Data\InterVideo
2008-02-08 22:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-08 09:17 --------- d-----w C:\Program Files\Symantec
2008-02-08 09:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-05 16:16 --------- d-----w C:\Program Files\Iomega
2008-02-05 16:14 --------- d-----w C:\Documents and Settings\will\Application Data\Leadertech
2008-02-01 11:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 19:37 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-01-27 22:02 --------- d-----w C:\Program Files\Return to Castle Wolfenstein
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24 65536]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 00:07 1836544]
"TrustedAntivirus"="C:\Program Files\TrustedAntivirus\pgs.exe" [ ]
"Iomega Automatic Backup 1.0.1"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 10:32 3014656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-02-09 11:16 299260]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"{FA-A7-75-55-DW}"="C:\WINDOWS\system32\b4\sysdr659.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 16:23 218240]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-18 09:21 135168]
"ATIPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"NDSTray.exe"="NDSTray.exe" []
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 15:07 24576]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 08:02 118784]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 15:23 53248]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-07-07 15:25 712704]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 14:14 643072]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\agrsmmsg.exe]
"PadTouch"="C:\Program Files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 10:02 1019904]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 22:54 37376]

C:\Documents and Settings\will\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-03-11 15:02:23 624416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-15 00:03:56 125624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 07:55]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 16:08:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-08-19 12:37:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 01:02:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2008-03-24 1:04:00
ComboFix-quarantined-files.txt 2008-03-24 01:03:34
ComboFix2.txt 2008-03-24 00:08:29
.
2008-03-23 03:04:12 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:05:10, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\will\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.aber.ac.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TrustedAntivirus] C:\Program Files\TrustedAntivirus\pgs.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{FA-A7-75-55-DW}] C:\WINDOWS\system32\b4\sysdr659.exe DWram
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9749 bytes

#6
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Everything looks good now. :) Still having any problems?

#7
Mardukas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Nope, everything looks ok. I can't thank you enough :)!

#8
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.