2 pop ups come up in document like windows the other in a Internet window, they only appear when i connected so i assume they're part of the Mal ware.
One is a red box, the other comes up as a yellow triangle in my task bar
Search & destroy says i have Smitfraud. the popups say i have Trojandownloader.XS and another program and despite fileshredder i cant empty my temp files
i have no idea what to do
here is my log from Combofix (and my Hijack this log file further down)
ComboFix 08-03-22.3 - HP_Owner 2008-03-23 23:47:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.474 [GMT 9:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.
2008-03-23 20:47 . 2008-03-23 20:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 19:55 . 2008-03-22 19:55 <DIR> d-------- C:\Program Files\FLV Player
2008-03-22 17:52 . 2008-03-22 17:52 90,112 --a------ C:\WINDOWS\system32\kxkbcgtq.exe
2008-03-22 16:24 . 2008-03-22 16:41 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\PC-Cleaner
2008-03-22 15:15 . 2008-03-22 16:58 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-03-22 14:44 . 2008-03-22 14:44 <DIR> d-------- C:\WINDOWS\system32smp
2008-03-22 14:44 . 2008-03-22 14:44 <DIR> d-------- C:\Documents and Settings\HP_Owner\Desktopvirii
2008-03-22 14:44 . 2008-03-22 14:44 90,112 --a------ C:\WINDOWS\system32\drbgoefo.exe
2008-03-22 14:44 . 2008-03-22 14:44 37,888 --a------ C:\WINDOWS\kzkfkvqr.exe.bak
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\DesktopTrojan.Win32.BlackBird.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\DesktopFWebdEditor.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\Desktopfwebd.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\Desktopfkwp2.0.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\Desktopfkwp1.5.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\Desktopfilemanagerclient.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\DesktopEditorFKWP2.0.exe
2008-03-22 14:44 . 2008-03-22 14:44 4,096 --a------ C:\Documents and Settings\HP_Owner\DesktopEditorFKWP1.5.exe
2008-03-22 14:43 . 2008-03-22 09:56 208,896 --a------ C:\WINDOWS\altvxvm.dll
2008-03-22 14:43 . 2008-03-22 14:43 16,484 -r-hs---- C:\Program Files\tmp3.exe
2008-03-22 14:43 . 2008-03-22 14:43 16,484 -r-hs---- C:\Program Files\tmp2.exe
2008-03-22 14:43 . 2008-03-22 14:43 16,484 -r-hs---- C:\Program Files\tmp1.exe
2008-03-22 14:43 . 2008-03-22 14:43 16,484 -r-hs---- C:\Program Files\tmp0.exe
2008-03-18 23:05 . 2008-03-18 23:05 <DIR> d-------- C:\Downloads
2008-03-11 15:58 . 2008-03-11 15:58 268 --ah----- C:\sqmdata10.sqm
2008-03-11 15:58 . 2008-03-11 15:58 244 --ah----- C:\sqmnoopt10.sqm
2008-03-03 11:12 . 2008-03-03 11:12 <DIR> d-------- C:\unzipped
2008-02-27 15:40 . 2008-02-27 15:40 <DIR> d-------- C:\Program Files\iTunes
2008-02-27 15:40 . 2008-03-23 13:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-27 15:40 . 2008-02-27 15:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 19:28 . 2008-02-24 19:28 <DIR> d-------- C:\Program Files\OpenAL
2008-02-24 19:28 . 2008-02-24 19:28 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-24 19:28 . 2008-02-24 19:28 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-23 22:21 . 2008-03-23 11:07 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\skypePM
2008-02-23 22:21 . 2008-02-23 22:21 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-23 22:19 . 2008-02-23 22:19 <DIR> d-------- C:\Program Files\Skype
2008-02-23 22:19 . 2008-02-23 22:19 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-23 22:19 . 2008-03-23 13:45 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Skype
2008-02-23 22:19 . 2008-02-23 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-23 20:08 . 2008-02-23 20:08 <DIR> d-------- C:\Program Files\Overland
2008-02-23 20:08 . 2004-05-11 10:53 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-02-23 20:08 . 2004-05-11 10:53 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-02-23 20:08 . 2004-05-11 10:53 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-02-23 20:08 . 2004-05-11 10:53 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-02-23 19:45 . 2008-02-23 19:46 <DIR> d-------- C:\Temp\HP_WebRelease
2008-02-23 18:27 . 2008-02-23 18:37 681 --a------ C:\WINDOWS\mozver.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-23 11:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-22 13:50 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Free Download Manager
2008-03-11 07:02 --------- d-----w C:\Program Files\THQ
2008-03-06 12:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-27 06:40 --------- d-----w C:\Program Files\iPod
2008-02-27 06:39 --------- d-----w C:\Program Files\QuickTime
2008-02-23 11:08 --------- d-----w C:\Program Files\HP
2008-02-10 11:01 --------- d-----w C:\Program Files\MSN Messenger
2008-02-10 10:35 --------- d-----w C:\Program Files\Windows Live
2008-02-10 10:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-10 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-10 08:00 --------- d-----w C:\Program Files\Java
2008-02-08 07:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2008-02-05 07:49 --------- d-----w C:\Program Files\WordWeb
2008-01-30 07:45 --------- d-----w C:\Program Files\Bonjour
2008-01-29 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-01-28 08:25 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WNR
2008-01-27 04:50 --------- d-----w C:\Program Files\CASIO
2008-01-24 08:21 --------- d-----w C:\Program Files\Free Download Manager
2007-12-24 12:55 90,112 ----a-w C:\WINDOWS\DUMP5fd3.tmp
2007-09-16 08:29 22,328 ----a-w C:\Documents and Settings\HP_Owner\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BCD34E0B-5C18-4A04-8C33-38E1B38B5A05}"= "C:\WINDOWS\etlrlws.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{bcd34e0b-5c18-4a04-8c33-38e1b38b5a05}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{4CFE5923-CBC4-44B3-B0E5-9584F85258B0}]
[HKEY_CLASSES_ROOT\etlrlws]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00 15360]
"Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe" [2004-08-25 20:08 159744]
"InternodeUsage"="C:\PROGRA~1\INTERN~2\mum.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-16 12:20 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 16:38 503808]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 22:00 79224]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"drbgoefo"="C:\WINDOWS\system32\drbgoefo.exe" [2008-03-22 14:44 90112]
"kxkbcgtq"="C:\WINDOWS\system32\kxkbcgtq.exe" [2008-03-22 17:52 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-19 10:47 8720384]
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-02-05 16:49:33 44384]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-16 12:20:47 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"iaPI7kPhDx"= C:\WINDOWS\kzkfkvqr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {4904c656-acb4-4029-8457-1941ed789cc7} - C:\WINDOWS\Installer\{4904c656-acb4-4029-8457-1941ed789cc7}\zip.dll [2008-03-22 14:43 23294]
"altvxvm"= {E7B8E529-BAE9-4535-BF0E-1A3FD39F1FAF} - C:\WINDOWS\altvxvm.dll [2008-03-22 09:56 208896]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
--------- 2004-08-25 20:08 159744 C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--------- 2004-06-29 16:06 88363 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--------- 2004-07-03 01:49 57344 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--------- 2004-07-06 00:05 2550272 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--------- 2003-04-04 01:21 50176 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2004-08-04 21:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
--a------ 2007-06-10 20:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
--------- 2004-07-30 09:34 155648 C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 16:51 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--------- 2004-06-07 19:38 659456 C:\WINDOWS\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--------- 1998-05-07 15:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 16:55 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--------- 2004-08-05 04:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--------- 2003-02-11 19:02 61440 C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
--------- 2005-04-01 17:16 40960 C:\WINDOWS\NCLAUNCH.EXe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop up Blocker]
C:\Program Files\Pop up Blocker\pd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--------- 2002-10-16 15:57 81920 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--------- 2004-04-14 19:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2005-05-09 18:03 73728 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 05:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
C:\WINDOWS\byvsqq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2004-08-25 19:34 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
--a------ 2006-03-29 17:12 364544 C:\Program Files\TP-LINK\TWCU\TWCU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
--------- 2004-07-30 09:41 192512 C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BZFlag2.0.8\\bzflag.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\BZFlag2.0.10\\bzflag.exe"=
"C:\\Program Files\\BZFlag2.0.10\\bzfs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Team17\\Worms2\\frontend.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-12 21:30]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 05:47]
R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2005-05-19 16:48]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 04:40]
S3 gkmixern;gkmixern;C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gkmixern.sys []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 17:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 17:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 17:42]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 06:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-23 14:21:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-21 11:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 23:50:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-23 23:51:03
ComboFix-quarantined-files.txt 2008-03-23 14:50:55
.
2008-03-20 14:14:24 --- E O F ---
Here is my Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:24 PM, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\drbgoefo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: etlrlws - {BCD34E0B-5C18-4A04-8C33-38E1B38B5A05} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [drbgoefo] C:\WINDOWS\system32\drbgoefo.exe
O4 - HKLM\..\Run: [kxkbcgtq] C:\WINDOWS\system32\kxkbcgtq.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [iaPI7kPhDx] C:\WINDOWS\kzkfkvqr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d3a8795af2cf45968a591e5c1f1a487f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d3a8795af2cf45968a591e5c1f1a487f
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: zip - {4904c656-acb4-4029-8457-1941ed789cc7} - C:\WINDOWS\Installer\{4904c656-acb4-4029-8457-1941ed789cc7}\zip.dll
O21 - SSODL: altvxvm - {E7B8E529-BAE9-4535-BF0E-1A3FD39F1FAF} - C:\WINDOWS\altvxvm.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
--
End of file - 11095 bytes
Please help
Sign In
Create Account
