Malware "un_BatSetup_15041.exe,ssmgr.exe,seekmo,zango"



#1 carter_glasgow



Hi, my name is Matt and I think I have some malware.
I usually don't download or install programs I don't
trust, but my friend gave me a program on disk and I
tried it and it loaded crap on my PC.. I think..
I haven't had any errors or popups, just found the
stuff in my Program Files and saw it was added around March 15.
Everything from April has to go.. I think


I have a file called "un_BatSetup_15041.exe" in a folder called "Bat"
and a folder called "ssmgr" with a file "ssmgr.exe" in it..
then there are some other folders called "seekmo" and "zango" in my Program Files
as well.. these folders were installed on March 15, 2008...
I think that is the day I tried to install the program my friend gave me..
I have not tried to delete any of these folders yet..

There are probably other problems.. I don't know.
I found this when I noticed I couldn't watch movies instantly on
Netflix due to a slow internet speed.

I have Norton 2007,
Ad-Aware by Lavasoft.
I have just downloaded: AGF Cleaner, AVG, HijackThis, and DSS.exe

I'm running Windows XP SP2, all updated.

I really think I need some help here, please.
I don't know a lot about this stuff.. I wish I did.

Norton and Ad-Aware do not pick up anything when I run scans.

I'M AFRAID TO DELETE SYS RESTORE AND MAKE A NEW POINT..
SHOULD I REALLY DO THAT?

One last thing.. My brother has used my computer in the last week
or two and I don't know what he did or saw as
far as Norton goes, or if he had something to do with getting me infected..

AVG found Adware.Generic, Adware.Minibug, Downloadr.Agent.lbx,
Not-A-Virus.WebHancer.. AVG deleted successfully.


There are 2 reports here:

Deckard's System Scanner v20071014.68
Run by matt on 2008-03-31 05:52:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-03-31 09:52:28 UTC - RP581 - Deckard's System Scanner Restore Point
37: 2008-03-31 08:57:41 UTC - RP580 - Removed Nero 7 Essentials
36: 2008-03-29 14:01:29 UTC - RP579 - System Checkpoint
35: 2008-03-26 07:13:57 UTC - RP578 - System Checkpoint
34: 2008-03-25 07:00:30 UTC - RP577 - System Checkpoint


-- First Restore Point --
1: 2007-12-27 20:42:51 UTC - RP544 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-31 05:55:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Verizon Online\SmartBridge\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\TWAIN_32\ca561a\SnapDetect.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Documents and Settings\matt\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchcust.htm
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eyeballchat] C:\Program Files\BPK\eyeballchat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: SnapDetect.lnk = C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_d0d1d7ad58c4c2.jpg
O24 - Desktop Component 1: - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_ac01c7819c753409b9349ca179.jpg
O24 - Desktop Component 10: - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/1082562815_l.jpg
O24 - Desktop Component 2: - file:///C:/Documents%20and%20Settings/matt/Desktop/lexxxicon_120x120.gif
O24 - Desktop Component 3: - file:///C:/Documents%20and%20Settings/matt/Desktop/1112yid.gif
O24 - Desktop Component 4: - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/1112yhid.gif
O24 - Desktop Component 5: - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/ASY1.gif
O24 - Desktop Component 6: - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/gggggrtg23r.gif
O24 - Desktop Component 7: - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_2d35ec38d49.gif
O24 - Desktop Component 8: - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/catgirl1transparentm.JPG
O24 - Desktop Component 9: - file:///C:/Documents%20and%20Settings/matt/Desktop/stickers_1ec90b1da93376e3.gif

--
End of file - 11638 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 L6DP - c:\windows\system32\drivers\l6dp.sys <Not Verified; Line 6; Line 6 Device Proxy>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 L6PODLV (PODxt Live Service) - c:\windows\system32\drivers\l6podlv.sys <Not Verified; Line 6; GuitarPort>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-28 22:12:26 620 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - matt.job


-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-29 19:13:04 8706 --a------ C:\Documents and Settings\matt\~.exe
2008-03-19 03:57:26 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 02:47:24 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 02:45:14 0 d-------- C:\Documents and Settings\matt\Application Data\Ahead
2008-03-19 02:42:38 0 d-------- C:\Program Files\Nero
2008-03-19 02:42:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-15 22:45:44 28672 --a------ C:\WINDOWS\voiceip.dll
2008-03-15 22:45:44 8448 --a------ C:\WINDOWS\swin32.dll
2008-03-15 22:45:44 10752 --a------ C:\WINDOWS\stcloader.exe
2008-03-15 22:45:44 22016 --a------ C:\WINDOWS\mssvr.exe
2008-03-15 22:45:44 17152 --a------ C:\WINDOWS\mspphe.dll
2008-03-15 22:45:44 8704 --a------ C:\WINDOWS\cdsm32.dll
2008-03-15 22:45:44 14848 --a------ C:\WINDOWS\bokja.exe
2008-03-15 22:45:44 11008 --a------ C:\WINDOWS\bjam.dll
2008-03-15 22:45:44 13824 --a------ C:\WINDOWS\2020search2.dll
2008-03-15 22:45:44 14848 --a------ C:\WINDOWS\2020search.dll
2008-03-15 22:45:44 0 d-------- C:\Program Files\stc
2008-03-15 22:45:43 0 d-------- C:\Program Files\seekmo
2008-03-15 22:45:42 30720 --a------ C:\WINDOWS\updatetc.exe
2008-03-15 22:45:42 31744 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-15 22:45:42 15616 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-15 22:45:42 14848 --a------ C:\WINDOWS\salm.exe
2008-03-15 22:45:42 12544 --a------ C:\WINDOWS\180ax.exe
2008-03-15 22:45:42 0 d-------- C:\Program Files\zango
2008-03-15 22:45:41 18176 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-15 22:45:41 24576 --a------ C:\WINDOWS\saiemod.dll
2008-03-15 22:45:41 25856 --a------ C:\WINDOWS\msapasrc.dll
2008-03-15 22:45:41 0 d-------- C:\WINDOWS\FLEOK
2008-03-15 22:45:40 30208 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-15 22:45:40 31232 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-15 22:45:40 20480 --a------ C:\WINDOWS\msa64chk.dll
2008-03-15 22:45:39 29952 --a------ C:\WINDOWS\winsb.dll
2008-03-15 22:45:39 15360 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-15 22:45:39 10240 --a------ C:\WINDOWS\shdocpl.dll
2008-03-15 22:45:39 17152 --a------ C:\WINDOWS\shdocpe.dll
2008-03-15 22:45:39 24320 --a------ C:\WINDOWS\ntnut.exe
2008-03-15 22:45:39 0 d-------- C:\Program Files\Sysmnt
2008-03-15 22:45:38 26112 --a------ C:\WINDOWS\browserad.dll
2008-03-15 22:45:38 28672 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-15 22:45:38 22272 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-15 22:45:38 17152 --a------ C:\WINDOWS\avifile32.dll
2008-03-15 22:45:37 8704 --a------ C:\WINDOWS\autodisc32.dll
2008-03-15 22:45:37 13056 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-15 22:45:37 11776 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-15 22:45:37 26880 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-15 22:45:37 25344 --a------ C:\WINDOWS\athprxy32.dll
2008-03-15 22:45:37 26368 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-15 22:45:37 27648 --a------ C:\WINDOWS\asferror32.dll
2008-03-15 22:45:36 17664 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-15 22:45:36 29952 --a------ C:\WINDOWS\apphelp32.dll
2008-03-15 22:37:49 0 d-------- C:\Program Files\QdrModule
2008-03-15 22:37:49 0 d-------- C:\Program Files\QdrDrive
2008-03-15 22:37:45 0 d-------- C:\Program Files\ISM
2008-03-15 22:37:39 0 d-------- C:\Program Files\Bat
2008-03-15 22:36:54 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-14 01:08:15 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-14 01:08:15 0 d-------- C:\Program Files\VstPlugins
2008-03-14 01:07:12 0 d-------- C:\Program Files\Image-Line
2008-03-08 05:41:26 0 d-------- C:\TRADE
2008-03-08 05:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-08 05:30:15 0 d-------- C:\Program Files\DVD Shrink


-- Find3M Report ---------------------------------------------------------------

2008-03-31 03:58:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-19 02:47:24 0 d-------- C:\Program Files\Common Files
2008-03-11 01:56:04 0 d-------- C:\Documents and Settings\matt\Application Data\Camfrog
2008-03-11 01:42:06 0 d-------- C:\Program Files\Norton Internet Security


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 02:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"P17Helper"="P17.dll" [06/10/2004 01:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 10:15 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 08:19 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 03:05 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/30/2004 01:31 PM]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [04/15/2004 04:32 AM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [05/29/2005 10:52 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 03:11 AM]
"eyeballchat"="C:\Program Files\BPK\eyeballchat.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"runner1"="C:\WINDOWS\mrofinu72.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [04/19/2007 01:26 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\matt\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [5/6/2005 12:40:22 AM]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [5/6/2005 9:25:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-03-31 05:55:46 ------------

**************************************************

This is the 2nd report, run after I got AVG.
I don't know, it looks a little different?

***************************************************

Deckard's System Scanner v20071014.68
Run by matt on 2008-04-01 03:43:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as matt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:28 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\matt\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\matt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eyeballchat] C:\Program Files\BPK\eyeballchat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_d0d1d7ad58c4c2.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_ac01c7819c753409b9349ca179.jpg
O24 - Desktop Component 10: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/1082562815_l.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/lexxxicon_120x120.gif
O24 - Desktop Component 3: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/1112yid.gif
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/1112yhid.gif
O24 - Desktop Component 5: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/ASY1.gif
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/gggggrtg23r.gif
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_2d35ec38d49.gif
O24 - Desktop Component 8: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/catgirl1transparentm.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/stickers_1ec90b1da93376e3.gif

--
End of file - 11453 bytes

-- Files created between 2008-03-01 and 2008-04-01 -----------------------------

2008-04-01 02:55:32 0 d-------- C:\Documents and Settings\matt\Application Data\Grisoft
2008-04-01 02:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 06:04:27 0 d-------- C:\Program Files\Trend Micro
2008-03-29 19:13:04 8706 --a------ C:\Documents and Settings\matt\~.exe
2008-03-19 03:57:26 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 02:47:24 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 02:45:14 0 d-------- C:\Documents and Settings\matt\Application Data\Ahead
2008-03-19 02:42:38 0 d-------- C:\Program Files\Nero
2008-03-19 02:42:38 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-15 22:45:44 28672 --a------ C:\WINDOWS\voiceip.dll
2008-03-15 22:45:44 8448 --a------ C:\WINDOWS\swin32.dll
2008-03-15 22:45:44 10752 --a------ C:\WINDOWS\stcloader.exe
2008-03-15 22:45:44 22016 --a------ C:\WINDOWS\mssvr.exe
2008-03-15 22:45:44 17152 --a------ C:\WINDOWS\mspphe.dll
2008-03-15 22:45:44 8704 --a------ C:\WINDOWS\cdsm32.dll
2008-03-15 22:45:44 14848 --a------ C:\WINDOWS\bokja.exe
2008-03-15 22:45:44 11008 --a------ C:\WINDOWS\bjam.dll
2008-03-15 22:45:44 13824 --a------ C:\WINDOWS\2020search2.dll
2008-03-15 22:45:44 14848 --a------ C:\WINDOWS\2020search.dll
2008-03-15 22:45:44 0 d-------- C:\Program Files\stc
2008-03-15 22:45:43 0 d-------- C:\Program Files\seekmo
2008-03-15 22:45:42 30720 --a------ C:\WINDOWS\updatetc.exe
2008-03-15 22:45:42 31744 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-15 22:45:42 15616 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-03-15 22:45:42 14848 --a------ C:\WINDOWS\salm.exe
2008-03-15 22:45:42 12544 --a------ C:\WINDOWS\180ax.exe
2008-03-15 22:45:42 0 d-------- C:\Program Files\zango
2008-03-15 22:45:41 18176 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-15 22:45:41 24576 --a------ C:\WINDOWS\saiemod.dll
2008-03-15 22:45:41 25856 --a------ C:\WINDOWS\msapasrc.dll
2008-03-15 22:45:41 0 d-------- C:\WINDOWS\FLEOK
2008-03-15 22:45:40 30208 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-15 22:45:40 31232 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-15 22:45:40 20480 --a------ C:\WINDOWS\msa64chk.dll
2008-03-15 22:45:39 29952 --a------ C:\WINDOWS\winsb.dll
2008-03-15 22:45:39 15360 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-15 22:45:39 10240 --a------ C:\WINDOWS\shdocpl.dll
2008-03-15 22:45:39 17152 --a------ C:\WINDOWS\shdocpe.dll
2008-03-15 22:45:39 24320 --a------ C:\WINDOWS\ntnut.exe
2008-03-15 22:45:39 0 d-------- C:\Program Files\Sysmnt
2008-03-15 22:45:38 26112 --a------ C:\WINDOWS\browserad.dll
2008-03-15 22:45:38 28672 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-15 22:45:38 22272 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-15 22:45:38 17152 --a------ C:\WINDOWS\avifile32.dll
2008-03-15 22:45:37 8704 --a------ C:\WINDOWS\autodisc32.dll
2008-03-15 22:45:37 13056 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-15 22:45:37 11776 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-15 22:45:37 26880 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-15 22:45:37 25344 --a------ C:\WINDOWS\athprxy32.dll
2008-03-15 22:45:37 26368 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-15 22:45:37 27648 --a------ C:\WINDOWS\asferror32.dll
2008-03-15 22:45:36 17664 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-15 22:45:36 29952 --a------ C:\WINDOWS\apphelp32.dll
2008-03-15 22:37:49 0 d-------- C:\Program Files\QdrModule
2008-03-15 22:37:49 0 d-------- C:\Program Files\QdrDrive
2008-03-15 22:37:45 0 d-------- C:\Program Files\ISM
2008-03-15 22:37:39 0 d-------- C:\Program Files\Bat
2008-03-15 22:36:54 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-14 01:08:15 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-14 01:08:15 0 d-------- C:\Program Files\VstPlugins
2008-03-14 01:07:12 0 d-------- C:\Program Files\Image-Line
2008-03-08 05:41:26 0 d-------- C:\TRADE
2008-03-08 05:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-08 05:30:15 0 d-------- C:\Program Files\DVD Shrink


-- Find3M Report ---------------------------------------------------------------

2008-03-31 03:58:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-19 02:47:24 0 d-------- C:\Program Files\Common Files
2008-03-11 01:56:04 0 d-------- C:\Documents and Settings\matt\Application Data\Camfrog
2008-03-11 01:42:06 0 d-------- C:\Program Files\Norton Internet Security


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 02:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"P17Helper"="P17.dll" [06/10/2004 01:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 10:15 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 08:19 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 03:05 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/30/2004 01:31 PM]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [04/15/2004 04:32 AM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [05/29/2005 10:52 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 03:11 AM]
"eyeballchat"="C:\Program Files\BPK\eyeballchat.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [04/19/2007 01:26 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\matt\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [5/6/2005 12:40:22 AM]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [5/6/2005 9:25:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-04-01 03:43:49 ------------


Can someone please tell me what's going on?

Thank You,
Matt

Edited by carter_glasgow, 01 April 2008 - 02:19 AM.


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello carter_glasgow

Welcome to G2Go. :)
=====================
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\matt\~.exe
    C:\WINDOWS\voiceip.dll
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\stcloader.exe
    C:\WINDOWS\mssvr.exe
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\2020search2.dll
    C:\WINDOWS\2020search.dll
    C:\Program Files\stc
    C:\Program Files\seekmo
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\system32\WER8274.DLL
    C:\WINDOWS\system32\MSIXU.DLL
    C:\WINDOWS\salm.exe
    C:\WINDOWS\180ax.exe
    C:\Program Files\zango
    C:\WINDOWS\system32\MSNSA32.dll
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\msapasrc.dll
    C:\WINDOWS\FLEOK
    C:\WINDOWS\system32\SIPSPI32.dll
    C:\WINDOWS\system32\shdocpe.dll
    C:\WINDOWS\msa64chk.dll
    C:\WINDOWS\winsb.dll
    C:\WINDOWS\system32\ntnut32.exe
    C:\WINDOWS\shdocpl.dll
    C:\WINDOWS\shdocpe.dll
    C:\WINDOWS\ntnut.exe
    C:\Program Files\Sysmnt
    C:\WINDOWS\browserad.dll
    C:\WINDOWS\aviwrap32.dll
    C:\WINDOWS\avisynthex32.dll
    C:\WINDOWS\avifile32.dll
    C:\WINDOWS\autodisc32.dll
    C:\WINDOWS\audiosrv32.dll
    C:\WINDOWS\ati2dvag32.dll
    C:\WINDOWS\ati2dvaa32.dll
    C:\WINDOWS\athprxy32.dll
    C:\WINDOWS\asycfilt32.dll
    C:\WINDOWS\asferror32.dll
    C:\WINDOWS\changeurl_30.dll
    C:\WINDOWS\apphelp32.dll
    C:\Program Files\QdrModule
    C:\Program Files\QdrDrive
    C:\Program Files\ISM
    C:\Program Files\Bat
    C:\WINDOWS\system32\winfrun32.bin
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================
After that, download ComboFix from one of the locations below and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
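The two checks kahdah did by eye when building that file list, as an added example (not a tool from this thread or from OldTimer): parse the DSS "Files created" lines from the first post, flag the burst of executables dropped into C:\WINDOWS within seconds of each other, emit them in the one-path-per-line form the OTMoveIt2 paste box takes, and reconcile an OTMoveIt2 log against what was requested. The C:\WINDOWS prefix, the 60-second gap and the five-file threshold are assumptions; the sample lines are excerpts of the logs posted in this thread.

```python
"""Triage helper for two log formats posted in this thread: the DSS "Files
created" listing and the OTMoveIt2 move log.  Added example, not a tool the
forum helpers use.  (1) Find bursts of executables dropped into C:\\WINDOWS
within seconds of each other, which is what gave the bundled installer away
in the 2008-03-15 22:45 entries.  (2) Confirm every item handed to OTMoveIt2
has a 'moved/deleted successfully' line in its log."""
import re
from datetime import datetime

# DSS line: "2008-03-15 22:45:44 28672 --a------ C:\WINDOWS\voiceip.dll",
# optionally followed by a "<Not Verified; vendor; product>" annotation.
DSS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+?)\s*$")
ANNOTATION = re.compile(r"\s+<[^>]*>$")
SYSTEM_DIRS = ("c:\\windows\\",)   # assumption: default XP install path
EXEC_EXT = (".exe", ".dll", ".sys", ".bin", ".ocx")
# OTMoveIt2 result lines, in the shape seen in the log posted in this thread.
REGVAL = re.compile(r"^Registry value (.+?) deleted successfully\.$")
MOVED = re.compile(r"^(.+?) (?:moved|deleted) successfully\.$")

def parse_dss_created(text):
    """(created, size, attrs, path) tuples from a DSS 'Files created' block."""
    entries = []
    for line in text.splitlines():
        m = DSS_LINE.match(line.strip())
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((created, int(m.group(2)), m.group(3),
                            ANNOTATION.sub("", m.group(4))))
    return entries

def is_suspicious_drop(entry):
    """A file (not a folder) with an executable extension under C:\\WINDOWS."""
    _created, _size, attrs, path = entry
    low = path.lower()
    return not attrs.startswith("d") and low.startswith(SYSTEM_DIRS) and low.endswith(EXEC_EXT)

def find_drop_bursts(entries, gap_seconds=60, min_files=5):
    """Group entries created within gap_seconds of each other; keep groups with
    at least min_files suspicious executables.  The whole group is returned so
    folders created alongside (e.g. Program Files\\zango) go with the files.
    Patch days also create bursts: a hit is a lead to verify, not a verdict."""
    groups, current = [], []
    for e in sorted(entries, key=lambda e: e[0]):
        if current and (e[0] - current[-1][0]).total_seconds() > gap_seconds:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if sum(map(is_suspicious_drop, g)) >= min_files]

def otmoveit_list(burst):
    """Paths of a burst, newest first as DSS prints them, without duplicates,
    ready for the OTMoveIt2 paste box (one per line)."""
    out = []
    for e in sorted(burst, key=lambda e: e[0], reverse=True):
        if e[3] not in out:
            out.append(e[3])
    return out

def parse_otmoveit_log(text):
    """Items the OTMoveIt2 log confirms moved or deleted (lower-cased).
    'LoadLibrary failed' / 'NOT unregistered' only mean DllUnregisterServer
    could not be called; the following line still reports the move."""
    done = set()
    for line in text.splitlines():
        m = REGVAL.match(line.strip()) or MOVED.match(line.strip())
        if m:
            done.add(m.group(1).lower())
    return done

def unconfirmed(requested, log_text):
    """Requested items with no success line in the log, in request order."""
    done = parse_otmoveit_log(log_text)
    return [item for item in requested if item.lower() not in done]

# Constructed samples: excerpts of the DSS and OTMoveIt2 logs posted in this thread.
DSS_SAMPLE = r"""
2008-03-15 22:45:44 28672 --a------ C:\WINDOWS\voiceip.dll
2008-03-15 22:45:44 8448 --a------ C:\WINDOWS\swin32.dll
2008-03-15 22:45:44 10752 --a------ C:\WINDOWS\stcloader.exe
2008-03-15 22:45:44 22016 --a------ C:\WINDOWS\mssvr.exe
2008-03-15 22:45:43 0 d-------- C:\Program Files\seekmo
2008-03-15 22:45:42 31744 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-03-15 22:45:42 0 d-------- C:\Program Files\zango
2008-03-15 22:45:39 24320 --a------ C:\WINDOWS\ntnut.exe
2008-03-14 01:08:15 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
"""
OTMOVEIT_SAMPLE = r"""
< C:\Program Files\zango >
C:\Program Files\zango moved successfully.
< C:\WINDOWS\system32\MSNSA32.dll >
LoadLibrary failed for C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\MSNSA32.dll NOT unregistered.
C:\WINDOWS\system32\MSNSA32.dll moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
"""

if __name__ == "__main__":
    burst = find_drop_bursts(parse_dss_created(DSS_SAMPLE))[0]
    print("\n".join(otmoveit_list(burst)))          # paste this into OTMoveIt2
    print("unconfirmed:", unconfirmed(otmoveit_list(burst), OTMOVEIT_SAMPLE))
```

Run against the full OTMoveIt2 log in the next post, the reconciliation would list the items from ~.exe through salm.exe as unconfirmed: that paste begins mid-way, at 180ax.exe, so the result lines for the earlier items are not in it and would need to be checked from the log file in c:\_OTMoveIt\MovedFiles. The single rewire.dll entry is not flagged, which is the point: the signal is the burst, not any one file.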

#3
carter_glasgow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you, Kahdah, for your fast reply. :)

It is very much appreciated.
I did what you said.
I have for you 3 log files in this order:

OTMoveIt
ComboFix
HiJackThis

*********** :) OTMoveIt **************************

C:\WINDOWS\180ax.exe moved successfully.
< C:\Program Files\zango >
C:\Program Files\zango moved successfully.
< C:\WINDOWS\system32\MSNSA32.dll >
LoadLibrary failed for C:\WINDOWS\system32\MSNSA32.dll
C:\WINDOWS\system32\MSNSA32.dll NOT unregistered.
C:\WINDOWS\system32\MSNSA32.dll moved successfully.
< C:\WINDOWS\saiemod.dll >
LoadLibrary failed for C:\WINDOWS\saiemod.dll
C:\WINDOWS\saiemod.dll NOT unregistered.
C:\WINDOWS\saiemod.dll moved successfully.
< C:\WINDOWS\msapasrc.dll >
LoadLibrary failed for C:\WINDOWS\msapasrc.dll
C:\WINDOWS\msapasrc.dll NOT unregistered.
C:\WINDOWS\msapasrc.dll moved successfully.
< C:\WINDOWS\FLEOK >
C:\WINDOWS\FLEOK moved successfully.
< C:\WINDOWS\system32\SIPSPI32.dll >
LoadLibrary failed for C:\WINDOWS\system32\SIPSPI32.dll
C:\WINDOWS\system32\SIPSPI32.dll NOT unregistered.
C:\WINDOWS\system32\SIPSPI32.dll moved successfully.
< C:\WINDOWS\system32\shdocpe.dll >
LoadLibrary failed for C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\system32\shdocpe.dll NOT unregistered.
C:\WINDOWS\system32\shdocpe.dll moved successfully.
< C:\WINDOWS\msa64chk.dll >
LoadLibrary failed for C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msa64chk.dll NOT unregistered.
C:\WINDOWS\msa64chk.dll moved successfully.
< C:\WINDOWS\winsb.dll >
LoadLibrary failed for C:\WINDOWS\winsb.dll
C:\WINDOWS\winsb.dll NOT unregistered.
C:\WINDOWS\winsb.dll moved successfully.
< C:\WINDOWS\system32\ntnut32.exe >
C:\WINDOWS\system32\ntnut32.exe moved successfully.
< C:\WINDOWS\shdocpl.dll >
LoadLibrary failed for C:\WINDOWS\shdocpl.dll
C:\WINDOWS\shdocpl.dll NOT unregistered.
C:\WINDOWS\shdocpl.dll moved successfully.
< C:\WINDOWS\shdocpe.dll >
LoadLibrary failed for C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpe.dll NOT unregistered.
C:\WINDOWS\shdocpe.dll moved successfully.
< C:\WINDOWS\ntnut.exe >
C:\WINDOWS\ntnut.exe moved successfully.
< C:\Program Files\Sysmnt >
C:\Program Files\Sysmnt moved successfully.
< C:\WINDOWS\browserad.dll >
LoadLibrary failed for C:\WINDOWS\browserad.dll
C:\WINDOWS\browserad.dll NOT unregistered.
C:\WINDOWS\browserad.dll moved successfully.
< C:\WINDOWS\aviwrap32.dll >
LoadLibrary failed for C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\aviwrap32.dll NOT unregistered.
C:\WINDOWS\aviwrap32.dll moved successfully.
< C:\WINDOWS\avisynthex32.dll >
LoadLibrary failed for C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\avisynthex32.dll NOT unregistered.
C:\WINDOWS\avisynthex32.dll moved successfully.
< C:\WINDOWS\avifile32.dll >
LoadLibrary failed for C:\WINDOWS\avifile32.dll
C:\WINDOWS\avifile32.dll NOT unregistered.
C:\WINDOWS\avifile32.dll moved successfully.
< C:\WINDOWS\autodisc32.dll >
LoadLibrary failed for C:\WINDOWS\autodisc32.dll
C:\WINDOWS\autodisc32.dll NOT unregistered.
C:\WINDOWS\autodisc32.dll moved successfully.
< C:\WINDOWS\audiosrv32.dll >
LoadLibrary failed for C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\audiosrv32.dll NOT unregistered.
C:\WINDOWS\audiosrv32.dll moved successfully.
< C:\WINDOWS\ati2dvag32.dll >
LoadLibrary failed for C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\ati2dvag32.dll NOT unregistered.
C:\WINDOWS\ati2dvag32.dll moved successfully.
< C:\WINDOWS\ati2dvaa32.dll >
LoadLibrary failed for C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvaa32.dll NOT unregistered.
C:\WINDOWS\ati2dvaa32.dll moved successfully.
< C:\WINDOWS\athprxy32.dll >
LoadLibrary failed for C:\WINDOWS\athprxy32.dll
C:\WINDOWS\athprxy32.dll NOT unregistered.
C:\WINDOWS\athprxy32.dll moved successfully.
< C:\WINDOWS\asycfilt32.dll >
LoadLibrary failed for C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\asycfilt32.dll NOT unregistered.
C:\WINDOWS\asycfilt32.dll moved successfully.
< C:\WINDOWS\asferror32.dll >
LoadLibrary failed for C:\WINDOWS\asferror32.dll
C:\WINDOWS\asferror32.dll NOT unregistered.
C:\WINDOWS\asferror32.dll moved successfully.
< C:\WINDOWS\changeurl_30.dll >
LoadLibrary failed for C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\changeurl_30.dll NOT unregistered.
C:\WINDOWS\changeurl_30.dll moved successfully.
< C:\WINDOWS\apphelp32.dll >
LoadLibrary failed for C:\WINDOWS\apphelp32.dll
C:\WINDOWS\apphelp32.dll NOT unregistered.
C:\WINDOWS\apphelp32.dll moved successfully.
< C:\Program Files\QdrModule >
C:\Program Files\QdrModule moved successfully.
< C:\Program Files\QdrDrive >
C:\Program Files\QdrDrive moved successfully.
< C:\Program Files\ISM >
C:\Program Files\ISM moved successfully.
< C:\Program Files\Bat >
C:\Program Files\Bat moved successfully.
< C:\WINDOWS\system32\winfrun32.bin >
C:\WINDOWS\system32\winfrun32.bin moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04022008_020140


************ :) ComboFix ******************

ComboFix 08-04-01.2 - matt 2008-04-02 2:14:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1552 [GMT -4:00]
Running from: C:\Documents and Settings\matt\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Joe\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Joe\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Joe\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\matt\Application Data\macromedia\Flash Player\#SharedObjects\BHNWYHGY\www.broadcaster.com
C:\Documents and Settings\matt\Application Data\macromedia\Flash Player\#SharedObjects\BHNWYHGY\www.broadcaster.com\played_list.sol
C:\Documents and Settings\matt\Application Data\macromedia\Flash Player\#SharedObjects\BHNWYHGY\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\matt\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\matt\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\default.htm

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-02 02:01 . 2008-04-02 02:01 <DIR> d-------- C:\_OTMoveIt
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Grisoft
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-31 06:04 . 2008-03-31 06:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 05:51 . 2008-03-31 05:51 <DIR> d-------- C:\Deckard
2008-03-29 19:13 . 2008-03-29 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 19:13 . 2008-03-29 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 04:05 . 2008-03-24 04:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-19 03:57 . 2008-03-19 03:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 02:47 . 2008-03-19 02:47 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 02:45 . 2008-03-19 02:45 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Ahead
2008-03-19 02:42 . 2008-03-19 02:42 <DIR> d-------- C:\Program Files\Nero
2008-03-19 02:42 . 2008-03-31 04:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-16 02:30 . 2008-03-16 02:30 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-16 00:10 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-03-16 00:01 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2008-03-16 00:01 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2008-03-15 22:45 . 2008-03-15 22:45 30,208 --a------ C:\WINDOWS\123messenger.per
2008-03-14 01:08 . 2008-03-19 03:29 <DIR> d-------- C:\Program Files\VstPlugins
2008-03-14 01:08 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-03-14 01:08 . 2005-04-12 11:21 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-03-14 01:07 . 2008-03-19 02:57 <DIR> d-------- C:\Program Files\Image-Line
2008-03-08 05:41 . 2008-03-08 05:41 <DIR> d-------- C:\TRADE
2008-03-08 05:30 . 2008-03-08 05:30 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-08 05:30 . 2008-03-08 05:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-07 14:03 . 2008-03-07 14:03 625,032 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-03-07 14:03 . 2008-03-07 14:03 242,056 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 35,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 05:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-26 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 05:56 --------- d-----w C:\Documents and Settings\matt\Application Data\Camfrog
2008-03-11 05:42 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-07 01:32 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-05 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-08-14 18:23 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"P17Helper"="P17.dll" [2004-06-10 13:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-30 13:31 98304]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-05-29 10:52 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 03:11 771704]
"eyeballchat"="C:\Program Files\BPK\eyeballchat.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-05-06 00:40:22 65536]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-05-06 21:25:14 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\WaveStudio\\CtWave32.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-09-17 15:31]
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-09-17 15:25]

*Newly Created Service* - AVGASCLN
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 02:12:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - matt.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 02:17:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-02 2:18:13
ComboFix-quarantined-files.txt 2008-04-02 06:18:05
Pre-Run: 56,442,449,920 bytes free
Post-Run: 56,428,568,576 bytes free
.
2008-03-16 06:34:19 --- E O F ---


************** :) HiJackThis **********************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:41 AM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eyeballchat] C:\Program Files\BPK\eyeballchat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_d0d1d7ad58c4c2.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_ac01c7819c753409b9349ca179.jpg
O24 - Desktop Component 10: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/1082562815_l.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/lexxxicon_120x120.gif
O24 - Desktop Component 3: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/1112yid.gif
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/1112yhid.gif
O24 - Desktop Component 5: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/ASY1.gif
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/gggggrtg23r.gif
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_2d35ec38d49.gif
O24 - Desktop Component 8: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/catgirl1transparentm.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/stickers_1ec90b1da93376e3.gif

--
End of file - 11244 bytes

When I ran OTMoveIt, some files did not move; it said it was an invalid file or something
and told me to check my Windows diskette.. :)

Thanks very much for your help, :)
Matt
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok. You are welcome :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\matt\~.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\mssvr.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\2020search.dll
C:\Program Files\stc
C:\Program Files\seekmo
C:\WINDOWS\updatetc.exe
C:\WINDOWS\system32\WER8274.DLL
C:\WINDOWS\system32\MSIXU.DLL
C:\WINDOWS\salm.exe
C:\WINDOWS\123messenger.per
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
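Added example, not from this thread and not part of HijackThis or ComboFix: a small Python triage helper that reads the two log shapes posted above. It picks out the O2 BHO lines whose DLL is reported as "(no file)" (the seven orphaned CLSIDs are exactly what the Registry:: block in the script above removes), writes them out in the CFScript File::/Registry:: form, and flags the DisableMonitoring and EnableFirewall values in the ComboFix "Reg Loading Points" dump that show Security Center monitoring and the Windows Firewall switched off, so a helper can see those at a glance instead of reading the whole dump. The sample log lines are constructed from entries in this thread, and all function names are the example's own.

```python
import re
from typing import List, Tuple

# Constructed sample, shaped like the O2/O4 lines of the HijackThis log in this thread
# (CLSIDs and paths copied from the posted log; this is not the full log).
HJT_SAMPLE = """\
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"""

# Constructed sample, shaped like the "Reg Loading Points" section of the ComboFix log above.
COMBOFIX_REG_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe" [2007-01-10 01:59 115816]
"""

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")


def parse_o2_entries(hjt_log: str) -> List[Tuple[str, str, str]]:
    """Return (name, clsid, path) for every O2 BHO line in a HijackThis log."""
    entries = []
    for line in hjt_log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append((m.group("name"), m.group("clsid"), m.group("path")))
    return entries


def orphaned_bho_clsids(hjt_log: str) -> List[str]:
    """CLSIDs of BHOs whose DLL is gone ('(no file)'): dead registrations left behind
    after a removal, which is what the helper's Registry:: block deletes."""
    return [clsid for _, clsid, path in parse_o2_entries(hjt_log) if path == "(no file)"]


def build_cfscript(files: List[str], bho_clsids: List[str]) -> str:
    """Emit a CFScript in the File:: / Registry:: form shown in the post above.
    A leading '-' on a registry key means 'delete this key'."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if bho_clsids:
        lines.append("Registry::")
        for clsid in bho_clsids:
            lines.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{clsid}]")
    return "\n".join(lines) + "\n"


def security_center_findings(reg_dump: str) -> List[str]:
    """Scan a ComboFix 'Reg Loading Points' dump for values that blind the OS's own
    defences: Security Center monitoring turned off, or the XP firewall disabled.
    Vendors sometimes set DisableMonitoring themselves, so these are items to review,
    not proof of infection."""
    findings = []
    key = ""
    for raw in reg_dump.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # remember which key the following values belong to
            continue
        if "security center\\monitoring" in key and line.startswith('"DisableMonitoring"=dword:'):
            if int(line.split("dword:")[1], 16) != 0:
                findings.append(f"Security Center monitoring disabled under {key}")
        elif "firewallpolicy" in key and line.startswith('"EnableFirewall"='):
            value = line.split("=", 1)[1].strip().split()[0]   # '0 (0x0)' -> '0'
            if value == "0":
                findings.append(f"Windows Firewall disabled in {key}")
    return findings


if __name__ == "__main__":
    print(build_cfscript(["C:\\WINDOWS\\123messenger.per"], orphaned_bho_clsids(HJT_SAMPLE)))
    for finding in security_center_findings(COMBOFIX_REG_SAMPLE):
        print("REVIEW:", finding)
```

Run it on a full HijackThis log and ComboFix log saved to disk (read the files instead of the constructed samples) to get the candidate Registry:: lines and the list of disabled-defence settings; the File:: paths still have to come from a human reading the log, as the helper did above.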

#5
carter_glasgow

carter_glasgow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, I hope you are having a nice day/night..
Thank you for the help :)
I must say I ran the ComboFix.exe by accident before I added the code you sent.
So I will post that log first, then the 2 logs you asked for... I hope that did not mess anything up. :)


********** Accident Combo Fix Log *************************


ComboFix 08-04-01.2 - matt 2008-04-03 1:00:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1531 [GMT -4:00]
Running from: C:\Documents and Settings\matt\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-02 02:01 . 2008-04-02 02:01 <DIR> d-------- C:\_OTMoveIt
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Grisoft
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-31 06:04 . 2008-03-31 06:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 05:51 . 2008-03-31 05:51 <DIR> d-------- C:\Deckard
2008-03-29 19:13 . 2008-03-29 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 19:13 . 2008-03-29 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 04:05 . 2008-03-24 04:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-19 03:57 . 2008-03-19 03:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 02:47 . 2008-03-19 02:47 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 02:45 . 2008-03-19 02:45 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Ahead
2008-03-19 02:42 . 2008-03-19 02:42 <DIR> d-------- C:\Program Files\Nero
2008-03-19 02:42 . 2008-03-31 04:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-16 02:30 . 2008-03-16 02:30 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-16 00:10 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-03-16 00:01 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2008-03-16 00:01 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2008-03-15 22:45 . 2008-03-15 22:45 30,208 --a------ C:\WINDOWS\123messenger.per
2008-03-14 01:08 . 2008-03-19 03:29 <DIR> d-------- C:\Program Files\VstPlugins
2008-03-14 01:08 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-03-14 01:08 . 2005-04-12 11:21 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-03-14 01:07 . 2008-03-19 02:57 <DIR> d-------- C:\Program Files\Image-Line
2008-03-08 05:41 . 2008-03-08 05:41 <DIR> d-------- C:\TRADE
2008-03-08 05:30 . 2008-04-02 03:07 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-08 05:30 . 2008-03-08 05:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-07 14:03 . 2008-03-07 14:03 625,032 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-03-07 14:03 . 2008-03-07 14:03 242,056 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 35,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-26 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 05:56 --------- d-----w C:\Documents and Settings\matt\Application Data\Camfrog
2008-03-11 05:42 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-07 01:32 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-05 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-08-14 18:23 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"P17Helper"="P17.dll" [2004-06-10 13:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-30 13:31 98304]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-05-29 10:52 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 03:11 771704]
"eyeballchat"="C:\Program Files\BPK\eyeballchat.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-05-06 00:40:22 65536]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-05-06 21:25:14 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\WaveStudio\\CtWave32.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-09-17 15:31]
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-09-17 15:25]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 02:12:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - matt.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 01:07:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 1:08:01
ComboFix-quarantined-files.txt 2008-04-03 05:07:59
ComboFix2.txt 2008-04-02 06:18:14
Pre-Run: 56,443,387,904 bytes free
Post-Run: 56,429,215,744 bytes free
.
2008-03-16 06:34:19 --- E O F ---



************************ :) ComboFixLog after adding the code ********************



ComboFix 08-04-01.2 - matt 2008-04-03 1:00:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1531 [GMT -4:00]
Running from: C:\Documents and Settings\matt\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-04-02 02:01 . 2008-04-02 02:01 <DIR> d-------- C:\_OTMoveIt
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Grisoft
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-31 06:04 . 2008-03-31 06:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 05:51 . 2008-03-31 05:51 <DIR> d-------- C:\Deckard
2008-03-29 19:13 . 2008-03-29 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 19:13 . 2008-03-29 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 04:05 . 2008-03-24 04:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-19 03:57 . 2008-03-19 03:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 02:47 . 2008-03-19 02:47 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 02:45 . 2008-03-19 02:45 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Ahead
2008-03-19 02:42 . 2008-03-19 02:42 <DIR> d-------- C:\Program Files\Nero
2008-03-19 02:42 . 2008-03-31 04:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-16 02:30 . 2008-03-16 02:30 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-16 00:10 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-03-16 00:01 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2008-03-16 00:01 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2008-03-15 22:45 . 2008-03-15 22:45 30,208 --a------ C:\WINDOWS\123messenger.per
2008-03-14 01:08 . 2008-03-19 03:29 <DIR> d-------- C:\Program Files\VstPlugins
2008-03-14 01:08 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-03-14 01:08 . 2005-04-12 11:21 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-03-14 01:07 . 2008-03-19 02:57 <DIR> d-------- C:\Program Files\Image-Line
2008-03-08 05:41 . 2008-03-08 05:41 <DIR> d-------- C:\TRADE
2008-03-08 05:30 . 2008-04-02 03:07 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-08 05:30 . 2008-03-08 05:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-07 14:03 . 2008-03-07 14:03 625,032 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-03-07 14:03 . 2008-03-07 14:03 242,056 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 35,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-26 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 05:56 --------- d-----w C:\Documents and Settings\matt\Application Data\Camfrog
2008-03-11 05:42 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-07 01:32 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-05 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-08-14 18:23 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"P17Helper"="P17.dll" [2004-06-10 13:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-30 13:31 98304]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-05-29 10:52 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 03:11 771704]
"eyeballchat"="C:\Program Files\BPK\eyeballchat.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-05-06 00:40:22 65536]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-05-06 21:25:14 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\WaveStudio\\CtWave32.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-09-17 15:31]
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-09-17 15:25]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 02:12:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - matt.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 01:07:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 1:08:01
ComboFix-quarantined-files.txt 2008-04-03 05:07:59
ComboFix2.txt 2008-04-02 06:18:14
Pre-Run: 56,443,387,904 bytes free
Post-Run: 56,429,215,744 bytes free
.
2008-03-16 06:34:19 --- E O F ---



************************* :) HiJackThis **************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:12 AM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eyeballchat] C:\Program Files\BPK\eyeballchat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_d0d1d7ad58c4c2.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_ac01c7819c753409b9349ca179.jpg
O24 - Desktop Component 10: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/1082562815_l.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/lexxxicon_120x120.gif
O24 - Desktop Component 3: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/1112yid.gif
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/1112yhid.gif
O24 - Desktop Component 5: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/ASY1.gif
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/gggggrtg23r.gif
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_2d35ec38d49.gif
O24 - Desktop Component 8: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/catgirl1transparentm.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/stickers_1ec90b1da93376e3.gif

--
End of file - 10837 bytes


:) Thanks again, GeeksToGo is great and so are YOU !! :)

,Matt

Edited by carter_glasgow, 02 April 2008 - 11:42 PM.

  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Nope, it did its job.

We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
  • 0

#7
carter_glasgow

carter_glasgow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
*********** CF-RC Log ********

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons



:) haha, looks like a small log. I hope everything looks ok..

Have a good day/night,
Matt

*I'M NOT REBOOTING TILL YA SAY HAHA*
  • 0
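The CF_RC log above is just the boot.ini that the Recovery Console installer rewrote. As an added example (not code from the thread, ComboFix or Microsoft), here is a small parser for that file plus the check a helper would want: that an [operating systems] entry carrying the /cmdcons switch exists, and that the [boot loader] default= line still points at a real OS entry. The sample input is copied from the posted log; the second sample, without the Recovery Console line, is constructed to show the check failing.

```python
"""Added example: verify a boot.ini after a Recovery Console install.
Not part of the thread's tools; the inputs are the posted boot.ini and a
constructed copy of it without the Recovery Console line."""

# Sample copied from the CF_RC log posted above.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""

# Constructed counter-example: the same file before the install ran.
SAMPLE_BOOT_INI_NO_RC = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""


def parse_boot_ini(text: str) -> dict:
    """Parse boot.ini into {section: {key: value}}.

    Section names are lower-cased; keys keep their case because the
    [operating systems] keys are ARC paths compared literally. Only the
    first '=' splits key from value, so '/noexecute=optin' stays in the value.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def recovery_console_entries(text: str) -> list:
    """Keys of [operating systems] entries that boot the Recovery Console,
    identified by the /cmdcons switch."""
    osys = parse_boot_ini(text).get("operating systems", {})
    return [key for key, value in osys.items() if "/cmdcons" in value.lower()]


def check_boot_ini(text: str) -> list:
    """Return a list of problems; an empty list means the file looks right."""
    cfg = parse_boot_ini(text)
    loader = cfg.get("boot loader", {})
    osys = cfg.get("operating systems", {})
    problems = []
    if not osys:
        problems.append("no [operating systems] section")
    if not recovery_console_entries(text):
        problems.append("no Recovery Console entry (/cmdcons) in [operating systems]")
    default = loader.get("default")
    if default is None:
        problems.append("[boot loader] has no default= line")
    elif default not in osys:
        problems.append(f"default={default} matches no [operating systems] entry")
    return problems


if __name__ == "__main__":
    for label, text in (("posted CF_RC boot.ini", SAMPLE_BOOT_INI),
                        ("boot.ini without Recovery Console", SAMPLE_BOOT_INI_NO_RC)):
        problems = check_boot_ini(text)
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```

Run against the posted file the check returns no problems, which is what the helper's "looks fine, don't reboot yet" reply amounts to; the constructed pre-install copy trips the missing /cmdcons check.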

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\123messenger.per
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
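The CFScript above has two sections: File:: lists paths for ComboFix to delete, and Registry:: lists keys, where a leading minus inside the brackets ([-KEY]) marks a key for deletion. As an added example (not ComboFix's or HijackThis's own code), the script below pulls those targets out of a CFScript and then checks the O2 (BHO) lines of a HijackThis log taken after the run to confirm none of the targeted CLSIDs is still registered; a second routine flags the Reg Loading Points entries a helper normally looks at twice (Security Center monitoring disabled, Windows Firewall off). The CFScript and the "after" lines are copied from this thread; the "before" log is constructed, with a placeholder DLL path, to show the check catching a leftover.

```python
"""Added example: cross-check a ComboFix CFScript against HijackThis output.
Not part of the thread's tools; sample inputs are copied from the thread
or constructed and labelled as such."""
import re

CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# Copied from the CFScript posted above, shortened to three keys.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\123messenger.per
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]
"""

# Constructed "before" log: one target still registered (leftover.dll is a placeholder).
HJT_BEFORE = r"""
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - C:\WINDOWS\leftover.dll
"""

# Copied from the post-run HijackThis log in the thread.
HJT_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
"""

# Copied from the ComboFix 'Reg Loading Points' section in the thread.
SAMPLE_REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def cfscript_targets(script: str) -> dict:
    """File:: paths, Registry:: keys marked [-KEY] for deletion, and the
    CLSIDs (lower-cased) found in those keys."""
    section, files, keys, clsids = None, [], [], set()
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # section header: File:: / Registry::
            section = line[:-2].lower()
        elif section == "file":
            files.append(line)
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
            found = CLSID_RE.search(line)
            if found:
                clsids.add(found.group(0).lower())
    return {"files": files, "delete_keys": keys, "clsids": clsids}


def hjt_bhos(log: str) -> dict:
    """Map CLSID (lower-cased) -> (name, path) for each 'O2 - BHO:' line."""
    bhos = {}
    for line in log.splitlines():
        if not line.startswith("O2 - BHO:"):
            continue
        body = line[len("O2 - BHO:"):].strip()   # "<name> - {CLSID} - <path>"
        found = CLSID_RE.search(body)
        if found:
            name = body[:found.start()].rstrip(" -").strip()
            path = body[found.end():].lstrip(" -").strip()
            bhos[found.group(0).lower()] = (name, path)
    return bhos


def remaining_targets(script: str, log: str) -> list:
    """CLSIDs the script told ComboFix to delete that still appear as BHOs."""
    present = hjt_bhos(log)
    return sorted(c for c in cfscript_targets(script)["clsids"] if c in present)


def review_flags(reg_dump: str) -> list:
    """(flag, key) pairs for Security Center monitoring switched off and the
    Windows Firewall disabled. Both are expected when a third-party suite
    (Norton here) takes over, so they are review items, not findings."""
    flags, key = [], None
    for raw in reg_dump.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"DisableMonitoring"=dword:00000001') \
                and "security center\\monitoring" in key.lower():
            flags.append(("security-center-monitoring-off", key))
        elif key and line.startswith('"EnableFirewall"=') and line.endswith("0 (0x0)") \
                and key.lower().endswith("firewallpolicy\\standardprofile"):
            flags.append(("windows-firewall-off", key))
    return flags


if __name__ == "__main__":
    for label, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        print(f"{label}: targets still registered -> {remaining_targets(SAMPLE_CFSCRIPT, log) or 'none'}")
    for flag, key in review_flags(SAMPLE_REG_DUMP):
        print(f"review: {flag} [{key}]")
```

On the post-run log every targeted CLSID is gone, which is the result the helper is looking for when asking for a fresh HijackThis log after the script. The CLSID comparison is case-insensitive on purpose: CFScript keys are written lower-case while HijackThis prints most CLSIDs upper-case.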

#9
carter_glasgow

carter_glasgow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
******************Combofix log******************

ComboFix 08-04-01.2 - matt 2008-04-05 0:04:59.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1475 [GMT -4:00]
Running from: C:\Documents and Settings\matt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\matt\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\123messenger.per
.

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.

2008-04-02 02:01 . 2008-04-02 02:01 <DIR> d-------- C:\_OTMoveIt
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Grisoft
2008-04-01 02:55 . 2008-04-01 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-03-31 06:04 . 2008-03-31 06:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-31 05:51 . 2008-03-31 05:51 <DIR> d-------- C:\Deckard
2008-03-29 19:13 . 2008-03-29 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-29 19:13 . 2008-03-29 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 04:05 . 2008-03-24 04:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-19 03:57 . 2008-03-19 03:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-03-19 02:47 . 2008-03-19 02:47 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-19 02:45 . 2008-03-19 02:45 <DIR> d-------- C:\Documents and Settings\matt\Application Data\Ahead
2008-03-19 02:42 . 2008-03-19 02:42 <DIR> d-------- C:\Program Files\Nero
2008-03-19 02:42 . 2008-03-31 04:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-16 02:30 . 2008-03-16 02:30 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-03-16 00:10 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-03-16 00:01 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl.mui
2008-03-16 00:01 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll.mui
2008-03-16 00:01 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll.mui
2008-03-14 01:08 . 2008-03-19 03:29 <DIR> d-------- C:\Program Files\VstPlugins
2008-03-14 01:08 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-03-14 01:08 . 2005-04-12 11:21 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-03-14 01:07 . 2008-03-19 02:57 <DIR> d-------- C:\Program Files\Image-Line
2008-03-08 05:41 . 2008-03-08 05:41 <DIR> d-------- C:\TRADE
2008-03-08 05:30 . 2008-04-02 03:07 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-08 05:30 . 2008-03-08 05:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-07 14:03 . 2008-03-07 14:03 625,032 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2008-03-07 14:03 . 2008-03-07 14:03 242,056 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 35,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-26 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-11 05:56 --------- d-----w C:\Documents and Settings\matt\Application Data\Camfrog
2008-03-11 05:42 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-07 01:32 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-05 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-08-14 18:23 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
"P17Helper"="P17.dll" [2004-06-10 13:51 60928 C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 20:19 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-30 13:31 98304]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 04:32 270336]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2005-05-29 10:52 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 03:11 771704]
"eyeballchat"="C:\Program Files\BPK\eyeballchat.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2005-05-06 00:40:22 65536]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-05-06 21:25:14 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\WaveStudio\\CtWave32.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2007-09-17 15:31]
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys [2007-09-17 15:25]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 02:12:26 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - matt.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 00:06:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-05 0:07:12
ComboFix-quarantined-files.txt 2008-04-05 04:07:10
ComboFix2.txt 2008-04-03 05:19:37
ComboFix3.txt 2008-04-03 05:08:01
ComboFix4.txt 2008-04-02 06:18:14
Pre-Run: 56,615,075,840 bytes free
Post-Run: 56,600,616,960 bytes free
.
2008-03-16 06:34:19 --- E O F ---

*****************HiJackThis Log :) *****************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:00 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [eyeballchat] C:\Program Files\BPK\eyeballchat.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-3769392559-1288698412-555500991-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3769392559-1288698412-555500991-1007\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-3769392559-1288698412-555500991-1007\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: SnapDetect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_d0d1d7ad58c4c2.jpg
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_ac01c7819c753409b9349ca179.jpg
O24 - Desktop Component 10: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/1082562815_l.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/lexxxicon_120x120.gif
O24 - Desktop Component 3: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/1112yid.gif
O24 - Desktop Component 4: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/1112yhid.gif
O24 - Desktop Component 5: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/ASY1.gif
O24 - Desktop Component 6: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/locked/gggggrtg23r.gif
O24 - Desktop Component 7: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/stickers_2d35ec38d49.gif
O24 - Desktop Component 8: (no name) - file:///C:/Documents%20and%20Settings/matt/My%20Documents/My%20Pictures/catgirl1transparentm.JPG
O24 - Desktop Component 9: (no name) - file:///C:/Documents%20and%20Settings/matt/Desktop/stickers_1ec90b1da93376e3.gif

--
End of file - 10901 bytes

So what do ya think?? :)

Matt
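A small triage script, added here as an example and not part of this thread or of HijackThis itself, that parses entries in the log format posted above and attaches the review flags a helper applies by hand: a missing target file, a service with an unknown owner, an autostart living in the SYSTEM or Default profile, an executable under a Temp directory, and browser start-page settings to confirm with the user. The sample lines are copied from the log above plus one constructed Temp entry; the heuristics are assumptions, not rules built into HijackThis.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis log format. The lines are copied from the
# log posted above, plus one made-up Temp-directory autostart line.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [example] C:\Documents and Settings\matt\Local Settings\Temp\example.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# "R0 - ...", "O4 - ...", "O23 - ..." etc.; the section code is the first token.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")
# First drive-letter path ending in a binary-like extension; stops at a quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|lnk|cab)', re.IGNORECASE)

@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)

def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; header and footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def triage(entry: Entry) -> Entry:
    """Attach review flags. These heuristics are assumptions modelled on what a
    log helper checks by hand, not rules built into HijackThis."""
    body = entry.body
    if "(file missing)" in body:
        entry.flags.append("stale: target file missing, safe to fix")
    if entry.section == "O23" and "Unknown owner" in body:
        entry.flags.append("service with no publisher string: verify the binary")
    if entry.section == "O4" and ("S-1-5-18" in body or ".DEFAULT" in body):
        entry.flags.append("autostart in the SYSTEM/Default profile: unusual for user software")
    if entry.section in ("R0", "R1"):
        entry.flags.append("browser setting: confirm the user chose it deliberately")
    path = PATH_RE.search(body)
    if path and re.search(r"\\temp\\", path.group(0), re.IGNORECASE):
        entry.flags.append("executable under a Temp directory")
    return entry

def flagged(text: str) -> List[Entry]:
    """Parse and triage a log, returning only the entries worth a second look."""
    return [e for e in map(triage, parse_hjt(text)) if e.flags]

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.body[:70]}")
        for f in e.flags:
            print("   ->", f)
```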

#10
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

Now click on Fix Checked and then close Hijackthis.
=====================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
==============

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
Doing this command uninstalls Combofix and does the following:

  • Deletes ComboFix and its associated files and folders.
  • Deletes VundoFix backups, if present
  • Deletes the C:\Deckard folder, if present
  • Deletes the C:\_OtMoveIt folder, if present
  • Resets the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete/uninstall anything that we used that is left over. (Except for Hijackthis)
======================================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===============================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11
carter_glasgow
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Kahdah,

Well I did everything but the online Kaspersky WebScanner so far.

My internet connection seems to be getting slower and slower.
It's like dial-up or worse now.

When I do an online speed test on my other computer it gets 750kbps.
This computer got about 750 a month ago and 100kbps a few days ago, and now the online speed test does not give me a reading haha..

Why do ya think it is running so slow? I unplugged my ethernet cable a few times and plugged it back in and turned my modem off and back on.
The other computer is hooked to the same modem through USB and I have the computer off and still this computer is very slow online... It didn't used to be; as I said, I used to watch Net Flix online just a month ago.

Everything else seems to be running fine.

Should I start another topic about this slow internet connection?

I will run the Kaspersky WebScanner as soon as possible and post ya the log.

Thanks again,
Matt

#12
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
I am not sure about the online speed.
I would start another thread in the XP forum after you are clean.
It could be a faulty network card?
But that is just a guess.

Do that scan when you can and we will finish up :)

#13
carter_glasgow
    New Member
  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Kahdah, well I did the scan in standard; I will do it again the other way..
But here are the results.

Monday, April 07, 2008 3:39:22 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/04/2008
Kaspersky Anti-Virus database records: 617192


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 69147
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:40:46

Infected Object Name Virus Name Last Action

*************** All these said "Object is locked - skipped" ********************


C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-07_Log.ALUSchedulerSvc.LiveUpdate

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\00D54A97.TMP

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat

C:\Documents and Settings\LocalService\NTUSER.DAT

C:\Documents and Settings\LocalService\ntuser.dat.LOG

C:\Documents and Settings\matt\Cookies\index.dat

C:\Documents and Settings\matt\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb

C:\Documents and Settings\matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

C:\Documents and Settings\matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

C:\Documents and Settings\matt\Local Settings\History\History.IE5\INDEX.DAT

C:\Documents and Settings\matt\Local Settings\History\History.IE5\MSHist012008040720080408\index.dat

C:\Documents and Settings\matt\Local Settings\Temporary Internet Files\Content.IE5\index.dat

C:\Documents and Settings\matt\ntuser.dat

C:\Documents and Settings\matt\ntuser.dat.LOG

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

C:\Documents and Settings\NetworkService\NTUSER.DAT

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log

C:\Program Files\Common Files\Symantec Shared\SNDCON.log

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log

C:\Program Files\Common Files\Symantec Shared\SNDFW.log

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log

C:\Program Files\Verizon Online\log\mpbtn.log Object is locked skipped

C:\Program Files\Verizon Online\SmartBridge\AlertFilter.log

C:\Program Files\Verizon Online\SmartBridge\log\httpclient.log

C:\Program Files\Verizon Online\SmartBridge\SmartBridge.log

C:\System Volume Information\MountPointManagerRemoteDatabase

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log

C:\WINDOWS\Debug\PASSWD.LOG

C:\WINDOWS\SchedLgU.Txt

C:\WINDOWS\SoftwareDistribution\EventCache\{D377009D-AAC2-4C76-B5C2-1885B84E0518}.bin

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

C:\WINDOWS\Sti_Trace.log

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG

C:\WINDOWS\SYSTEM32\H323LOG.TXT

C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP

C:\WINDOWS\WIADEBUG.LOG

C:\WINDOWS\WIASERVC.LOG

C:\WINDOWS\WindowsUpdate.log

Scan process completed.

#14
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Castle Cops To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.