Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Red Screen spyware privacy protection [RESOLVED]

Started by zoloft , May 09 2008 10:43 PM

This topic is locked

#1
zoloft

Posted 09 May 2008 - 10:43 PM

Member

Member
55 posts

hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:55 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\awtttrqq.dll
O2 - BHO: (no name) - {ECFD882F-5978-4BB0-A0E4-5F37B3589738} - C:\WINDOWS\system32\tuvSiiJC.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154835520453
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.res.../CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtttrqq - C:\WINDOWS\SYSTEM32\awtttrqq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 12509 bytes

Malwarebytes' Anti-Malware 1.12
Database version: 736

Scan type: Full Scan (C:\|)
Objects scanned: 112001
Time elapsed: 58 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tuvSiiJC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\awtttrqq.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94a391ca-1116-4749-9b28-c7b4f782a631} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{94a391ca-1116-4749-9b28-c7b4f782a631} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecfd882f-5978-4bb0-a0e4-5f37b3589738} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ecfd882f-5978-4bb0-a0e4-5f37b3589738} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\diagnosticscan (Rogue.AdwareAway) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\diagnosticscan (Rogue.AdwareAway) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagnosticscan (Rogue.AdwareAway) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3a9074b-1e3c-45d6-9195-604ce2f1d5b8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3a9074b-1e3c-45d6-9195-604ce2f1d5b8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttrqq (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v3.1.4.7_is1 (Rogue.AdwareAway) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3a9074b-1e3c-45d6-9195-604ce2f1d5b8} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Adware Away (Rogue.AdwareAway) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> No action taken.

Files Infected:
C:\WINDOWS\system32\jwqasepl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lpesaqwj.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tebsckle.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elkcsbet.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tuvSiiJC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\CJiiSvut.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\CJiiSvut.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUlMeed.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\deeMlUtv.ini (Trojan.Vundo) -> No action taken.
C:\Program Files\Adware Away\activex.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\AdAway.dll (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\AdAway.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\AdwareAway.chm (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\autorun.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\DiagnosticScan.SYS (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\EnumAutoRun.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\EnumDlls.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\EProcess.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\explorerbar.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\fa.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\FixDesktopBackground.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\folderdll.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\global.dll (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\iebhotoolbar.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\iepage.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\ietoolbarbutton.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\ieurlprefix.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\ieurlsearchhook.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\lsp.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\nameserver.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\notifydll.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\overall.log (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\process.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\protocolfilter.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\ScanAtStartup.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\screenshot.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\securitysite.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\service.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\shellextension.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\shellextensionhook.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\SPAP.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\svchostdll.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\sysrestriction.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\unins000.dat (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\unins000.exe (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\uninstall.tmp (Rogue.AdwareAway) -> No action taken.
C:\Program Files\Adware Away\Update2.exe (Rogue.AdwareAway) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Adware Away.lnk (Rogue.AdwareAway) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Uninstall.lnk (Rogue.AdwareAway) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Update.lnk (Rogue.AdwareAway) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\User Manual.lnk (Rogue.AdwareAway) -> No action taken.
C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> No action taken.
C:\WINDOWS\system32\awtttrqq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\vbksrofa.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\oadkxrts.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> No action taken.

SUPERAntiSpyware Scan Log
Generated 05/09/2008 at 06:40 PM

Application Version : 3.6.1000

Core Rules Database Version : 3456
Trace Rules Database Version: 1448

Scan type : Complete Scan
Total Scan Time : 00:39:56

Memory items scanned : 635
Memory threats detected : 0
Registry items scanned : 6364
Registry threats detected : 0
File items scanned : 2982
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Shem Han\Cookies\[email protected][1].txt
C:\Documents and Settings\Shem Han\Cookies\[email protected][1].txt
C:\Documents and Settings\Shem Han\Cookies\shem_han@atwola[1].txt
C:\Documents and Settings\Shem Han\Cookies\shem_han@questionmarket[1].txt
C:\Documents and Settings\Shem Han\Cookies\shem_han@revsci[1].txt
C:\Documents and Settings\Shem Han\Cookies\[email protected][1].txt

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger

help would be greatly appreciated thanks~

#2
miekiemoes

Posted 10 May 2008 - 07:50 AM

Malware Expert

Member
5,503 posts

Hi,

I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. Norton and AVG
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Also, I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

Then, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
zoloft

Posted 10 May 2008 - 12:28 PM

Member

Topic Starter
Member
55 posts

Hi, thanks for the quick reply! I got rid of AVG, but I couldn't find my Norton anti-virus. I believe I have Symantec anti-virus because it is required by my college. I also got rid of the viewpoint programs.

ComboFix 08-05-09.1 - Shem Han 2008-05-10 13:58:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.297 [GMT -4:00]
Running from: C:\Documents and Settings\Shem Han\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shem Han\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Shem Han\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\CJiiSvut.ini
C:\WINDOWS\system32\CJiiSvut.ini2
C:\WINDOWS\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-10 13:29 . 2008-05-10 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-09 21:47 . 2008-05-09 23:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-09 21:42 . 2008-05-09 21:47 <DIR> d-------- C:\Documents and Settings\Shem Han\Application Data\AVGTOOLBAR
2008-05-09 21:32 . 2008-05-09 21:32 1,504,923 ---hs---- C:\WINDOWS\system32\uqovbagb.ini
2008-05-09 21:07 . 2008-05-09 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 20:23 . 2008-05-09 23:29 321,152 --------- C:\WINDOWS\system32\tuvSiiJC.dll
2008-05-09 18:30 . 2004-08-04 03:56 4,639 --a--c--- C:\WINDOWS\system32\dllcache\mplayer2.exe
2008-05-09 17:57 . 2008-05-09 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-09 17:56 . 2008-05-10 00:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-09 17:56 . 2008-05-09 17:56 <DIR> d-------- C:\Documents and Settings\Shem Han\Application Data\SUPERAntiSpyware.com
2008-05-09 17:49 . 2008-05-09 17:52 <DIR> d-------- C:\Program Files\Panda Security
2008-05-09 15:56 . 2008-05-09 20:13 90,752 --------- C:\WINDOWS\system32\essbqdns.dll
2008-05-09 13:18 . 2008-05-09 13:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 13:18 . 2008-05-09 13:18 <DIR> d-------- C:\Documents and Settings\Shem Han\Application Data\Malwarebytes
2008-05-09 13:18 . 2008-05-09 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 13:18 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 13:18 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-09 13:10 . 2008-05-09 13:10 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-09 13:03 . 2008-05-09 13:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 05:45 . 2008-05-09 13:34 90,752 --------- C:\WINDOWS\system32\qaregmdq.dll
2008-05-09 05:36 . 2008-05-09 23:29 30,336 --------- C:\WINDOWS\system32\awtttrqq.dll
2008-05-09 05:19 . 2008-05-09 05:19 <DIR> d-------- C:\WINDOWS\system32\FlashListsFight Screen saver.exe
2008-05-09 05:18 . 2008-05-09 05:18 <DIR> d-------- C:\WINDOWS\system32\FlashListsFIGHTS~1.SCR
2008-05-09 05:18 . 2008-05-09 05:18 <DIR> d-------- C:\WINDOWS\system32\FlashListsfight.Exe
2008-05-09 05:18 . 2004-12-17 21:10 1,887,099 --a------ C:\WINDOWS\system32\Fight Screen saver.exe
2008-05-09 05:13 . 2008-05-09 05:21 <DIR> d-------- C:\Program Files\StickMen Screen Saver
2008-05-09 05:09 . 2008-05-09 05:09 <DIR> d-------- C:\WINDOWS\dog4 dir
2008-05-09 05:08 . 2008-05-09 05:09 <DIR> d-------- C:\WINDOWS\dog3 dir
2008-05-09 05:08 . 2008-05-09 05:08 <DIR> d-------- C:\WINDOWS\dog1 dir
2008-05-09 05:08 . 2008-05-09 05:09 12,288 --a------ C:\WINDOWS\impborl.dll
2008-04-22 18:46 . 2008-04-22 18:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-10 14:16 . 2008-04-10 14:20 70,656 --a------ C:\WINDOWS\ScUnin.exe
2008-04-10 14:16 . 2008-04-10 14:20 34,807 --a------ C:\WINDOWS\scunin.dat
2008-04-10 14:16 . 2008-04-10 14:20 967 --a------ C:\WINDOWS\ScUnin.pif
2008-04-10 14:15 . 2008-04-13 04:33 <DIR> d-------- C:\Program Files\Starcraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 18:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-10 17:24 --------- d--h--w C:\Documents and Settings\Shem Han\Application Data\ijjigame
2008-05-10 17:22 --------- d-----w C:\Program Files\Viewpoint
2008-05-10 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-10 06:14 --------- d-----w C:\Program Files\Warcraft III
2008-05-10 04:25 --------- d-----w C:\Program Files\DC++
2008-05-10 01:07 --------- d-----w C:\Program Files\Lavasoft
2008-05-10 01:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 09:40 --------- d-----w C:\Program Files\lx_cats
2008-05-07 22:17 --------- d-----w C:\Program Files\Steam
2008-05-07 04:17 --------- d-----w C:\Program Files\Winamp
2008-04-07 02:23 --------- d-----w C:\Program Files\softnyx
2008-03-19 02:28 --------- d-----w C:\Program Files\VSTplugins
2007-11-29 04:02 22,328 ----a-w C:\Documents and Settings\Shem Han\Application Data\PnkBstrK.sys
2007-11-29 03:58 103,736 ----a-w C:\Documents and Settings\Shem Han\Application Data\PnkBstrB.exe
2007-04-04 20:49 560 -c--a-w C:\Program Files\Global.sw
2006-10-30 03:51 1,952 ----a-w C:\Documents and Settings\Shem Han\Application Data\wklnhst.dat
2000-08-08 21:44 340 -c--a-w C:\Program Files\setup.bat
2000-08-08 21:43 4,395,575 -c--a-w C:\Program Files\myth.pak
2000-08-08 21:39 45,056 -c--a-w C:\Program Files\SETUPREG.EXE
2000-08-08 21:38 123 -c--a-w C:\Program Files\player.nfx
2000-08-08 21:18 34 -c--a-w C:\Program Files\fonts.bat
2000-08-08 21:17 0 -c--a-w C:\Program Files\STPENUX.DLL
2000-08-08 21:17 0 -c--a-w C:\Program Files\EBUSetup.sem
2000-08-07 07:11 20,992 -c--a-w C:\Program Files\mythxpak.exe
2000-06-28 07:00 44,452 -c----w C:\Program Files\Readmex.rtf
2000-06-21 16:52 32,768 -c--a-w C:\Program Files\replwavs.exe
2000-06-13 07:09 339,968 -c----w C:\Program Files\language_x1.dll
2000-06-13 06:59 53,299 -c----w C:\Program Files\ebueulax.dll
2000-05-27 07:58 39,647 -c----w C:\Program Files\EULAx.RTF
2000-04-01 04:47 301,568 -c--a-w C:\Program Files\myth.acm
1999-11-17 19:00 32,768 -c--a-w C:\Program Files\SETUPENU.DLL
1999-09-22 10:52 224 -c--a-w C:\Program Files\player.nfo
1999-09-22 09:32 57,363 -c----w C:\Program Files\Readme.rtf
1999-09-22 09:32 53,304 -c----w C:\Program Files\EBUEula.dll
1999-09-22 09:32 499,712 -c----w C:\Program Files\language.dll
1999-09-22 09:32 40,507 -c----w C:\Program Files\EULA.RTF
1999-09-22 09:32 365,568 -c----w C:\Program Files\HA312W32.DLL
1999-09-22 09:32 158,902 -c----w C:\Program Files\scenariobkg.bmp
1999-09-22 09:32 112,688 -c----w C:\Program Files\SHW32.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}]
2008-05-09 23:29 30336 --------- C:\WINDOWS\system32\awtttrqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECFD882F-5978-4BB0-A0E4-5F37B3589738}]
2008-05-09 23:29 321152 --------- C:\WINDOWS\system32\tuvSiiJC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 19:45 313472]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 07:04 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 20:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 05:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-11-09 15:44 557056 C:\WINDOWS\sm56hlpr.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-06 20:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-06 20:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-06 20:40 118784]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2005-10-26 23:50 512000]
"CHotkey"="mHotkey.exe" [2001-12-26 17:12 472576 C:\WINDOWS\mHotkey.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 15:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 14:41 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 14:47 569413]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 16:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 08:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 15:01 44544]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 20:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 04:40 124656]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 14:38 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 07:00 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 05:38:32 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-04 18:47:49 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}"= C:\WINDOWS\system32\awtttrqq.dll [2008-05-09 23:29 30336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttrqq]
awtttrqq.dll 2008-05-09 23:29 30336 C:\WINDOWS\system32\awtttrqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 18:35 67112 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 10:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-04-11 01:51 144896 C:\Program Files\AIM95\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 01:10 98304 C:\Program Files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-02-02 04:11 290816 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-13 05:38 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-01-22 13:45 286720 C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 19:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 23:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 13:07 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 16:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-04-25 11:44 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"2967:TCP"= 2967:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:Symantec RTVScan - TCP
"2967:UDP"= 2967:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:Symantec RTVScan - UDP
"38293:UDP"= 38293:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - UDP
"38293:TCP"= 38293:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - TCP
"139:TCP"= 139:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22002
"6881:TCP"= 6881:TCP:azureus
"6889:TCP"= 6889:TCP:azureus
"49153:TCP"= 49153:TCP:azur
"49153:UDP"= 49153:UDP:azur1
"15126:TCP"= 15126:TCP:BitComet 15126 TCP
"15126:UDP"= 15126:UDP:BitComet 15126 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2006-09-29 12:05]
S3 ESISTEMA53;ESISTEMA53;C:\Program Files\RuanEngine\sistema32.sys []
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2005-11-28 07:33]
S3 L6TPortA;Service - Line 6 TonePort UX1;C:\WINDOWS\system32\Drivers\L6TPortA.sys [2006-09-29 12:01]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077fbf49-7833-11dc-99f3-00130244c4bb}]
\Shell\AutoRun\command - J:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd74896-f75b-11da-b7e3-0090f54bb10f}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b2502a-e046-11dc-9a21-0090f54f4a35}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 18:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 14:10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\Shem Han\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_868C_13B8_8C13_A1AB\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-05-10 14:20:43 - machine was rebooted [Shem Han]
ComboFix-quarantined-files.txt 2008-05-10 18:20:39

Pre-Run: 6,961,758,208 bytes free
Post-Run: 7,495,045,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

314 --- E O F --- 2008-04-10 07:05:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:40 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\awtttrqq.dll
O2 - BHO: (no name) - {ECFD882F-5978-4BB0-A0E4-5F37B3589738} - C:\WINDOWS\system32\tuvSiiJC.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154835520453
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.res.../CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtttrqq - C:\WINDOWS\SYSTEM32\awtttrqq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 11345 bytes

#4
miekiemoes

Posted 10 May 2008 - 12:36 PM

Malware Expert

Member
5,503 posts

Hi,

Hi, thanks for the quick reply! I got rid of AVG, but I couldn't find my Norton anti-virus. I believe I have Symantec anti-virus because it is required by my college.

To be honest, I rather recommend AVG than Norton, this since AVG is for free and isn't such resource hog as Norton.

That's why.. * To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Also read the next article in case you're having problems with uninstalling Norton if above instructions didn't work, or noticed problems after uninstalling Norton: http://basconotw.mvps.org/SymRem.htm

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\awtttrqq.dll
C:\WINDOWS\system32\tuvSiiJC.dll
C:\WINDOWS\system32\uqovbagb.ini
C:\WINDOWS\system32\essbqdns.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECFD882F-5978-4BB0-A0E4-5F37B3589738}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttrqq]

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#5
zoloft

Posted 10 May 2008 - 02:19 PM

Member

Topic Starter
Member
55 posts

Hi again, sorry but If I remove my symantec Anti-Virus, my Internet here will not work :T So what should I do? is it possible that I don't have to remove it? or is it too much of a hassle, If it is, I guess I can remove it.

#6
miekiemoes

Posted 11 May 2008 - 12:26 AM

Malware Expert

Member
5,503 posts

Hi,

Please proceed with the instructions first to remove malware.

It doesn't make sense that your Internet won't work anymore after uninstalling Norton. It's not supposed to be like that.
Ofcourse you may keep Norton - as long as it's up to date!

#7
zoloft

Posted 11 May 2008 - 12:02 PM

Member

Topic Starter
Member
55 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:21 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154835520453
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.res.../CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10891 bytes

ComboFix 08-05-09.1 - Shem Han 2008-05-11 13:34:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.400 [GMT -4:00]
Running from: C:\Documents and Settings\Shem Han\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shem Han\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\awtttrqq.dll
C:\WINDOWS\system32\essbqdns.dll
C:\WINDOWS\system32\tuvSiiJC.dll
C:\WINDOWS\system32\uqovbagb.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtttrqq.dll
C:\WINDOWS\system32\essbqdns.dll
C:\WINDOWS\system32\tuvSiiJC.dll
C:\WINDOWS\system32\uqovbagb.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-10 13:29 . 2008-05-10 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-09 21:47 . 2008-05-09 23:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-09 21:42 . 2008-05-09 21:47 <DIR> d-------- C:\Documents and Settings\Shem Han\Application Data\AVGTOOLBAR
2008-05-09 21:07 . 2008-05-09 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 18:30 . 2004-08-04 03:56 4,639 --a--c--- C:\WINDOWS\system32\dllcache\mplayer2.exe
2008-05-09 17:57 . 2008-05-09 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-09 17:56 . 2008-05-10 00:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-09 17:56 . 2008-05-09 17:56 <DIR> d-------- C:\Documents and Settings\Shem Han\Application Data\SUPERAntiSpyware.com
2008-05-09 17:49 . 2008-05-09 17:52 <DIR> d-------- C:\Program Files\Panda Security
2008-05-09 13:18 . 2008-05-09 13:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 13:18 . 2008-05-09 13:18 <DIR> d-------- C:\Documents and Settings\Shem Han\Application Data\Malwarebytes
2008-05-09 13:18 . 2008-05-09 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-09 13:18 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 13:18 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-09 13:10 . 2008-05-09 13:10 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-09 13:03 . 2008-05-09 13:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 05:45 . 2008-05-09 13:34 90,752 --------- C:\WINDOWS\system32\qaregmdq.dll
2008-05-09 05:19 . 2008-05-09 05:19 <DIR> d-------- C:\WINDOWS\system32\FlashListsFight Screen saver.exe
2008-05-09 05:18 . 2008-05-09 05:18 <DIR> d-------- C:\WINDOWS\system32\FlashListsFIGHTS~1.SCR
2008-05-09 05:18 . 2008-05-09 05:18 <DIR> d-------- C:\WINDOWS\system32\FlashListsfight.Exe
2008-05-09 05:18 . 2004-12-17 21:10 1,887,099 --a------ C:\WINDOWS\system32\Fight Screen saver.exe
2008-05-09 05:13 . 2008-05-09 05:21 <DIR> d-------- C:\Program Files\StickMen Screen Saver
2008-05-09 05:09 . 2008-05-09 05:09 <DIR> d-------- C:\WINDOWS\dog4 dir
2008-05-09 05:08 . 2008-05-09 05:09 <DIR> d-------- C:\WINDOWS\dog3 dir
2008-05-09 05:08 . 2008-05-09 05:08 <DIR> d-------- C:\WINDOWS\dog1 dir
2008-05-09 05:08 . 2008-05-09 05:09 12,288 --a------ C:\WINDOWS\impborl.dll
2008-04-22 18:46 . 2008-04-22 18:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 21:16 --------- d-----w C:\Program Files\Warcraft III
2008-05-10 18:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-10 17:24 --------- d--h--w C:\Documents and Settings\Shem Han\Application Data\ijjigame
2008-05-10 17:22 --------- d-----w C:\Program Files\Viewpoint
2008-05-10 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-10 04:25 --------- d-----w C:\Program Files\DC++
2008-05-10 01:07 --------- d-----w C:\Program Files\Lavasoft
2008-05-10 01:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-09 09:40 --------- d-----w C:\Program Files\lx_cats
2008-05-07 22:17 --------- d-----w C:\Program Files\Steam
2008-05-07 04:17 --------- d-----w C:\Program Files\Winamp
2008-04-13 08:33 --------- d-----w C:\Program Files\Starcraft
2008-04-10 18:20 70,656 ----a-w C:\WINDOWS\ScUnin.exe
2008-04-07 02:23 --------- d-----w C:\Program Files\softnyx
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 02:28 --------- d-----w C:\Program Files\VSTplugins
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-29 04:02 22,328 ----a-w C:\Documents and Settings\Shem Han\Application Data\PnkBstrK.sys
2007-11-29 03:58 103,736 ----a-w C:\Documents and Settings\Shem Han\Application Data\PnkBstrB.exe
2007-04-04 20:49 560 -c--a-w C:\Program Files\Global.sw
2006-10-30 03:51 1,952 ----a-w C:\Documents and Settings\Shem Han\Application Data\wklnhst.dat
2000-08-08 21:44 340 -c--a-w C:\Program Files\setup.bat
2000-08-08 21:43 4,395,575 -c--a-w C:\Program Files\myth.pak
2000-08-08 21:39 45,056 -c--a-w C:\Program Files\SETUPREG.EXE
2000-08-08 21:38 123 -c--a-w C:\Program Files\player.nfx
2000-08-08 21:18 34 -c--a-w C:\Program Files\fonts.bat
2000-08-08 21:17 0 -c--a-w C:\Program Files\STPENUX.DLL
2000-08-08 21:17 0 -c--a-w C:\Program Files\EBUSetup.sem
2000-08-07 07:11 20,992 -c--a-w C:\Program Files\mythxpak.exe
2000-06-28 07:00 44,452 -c----w C:\Program Files\Readmex.rtf
2000-06-21 16:52 32,768 -c--a-w C:\Program Files\replwavs.exe
2000-06-13 07:09 339,968 -c----w C:\Program Files\language_x1.dll
2000-06-13 06:59 53,299 -c----w C:\Program Files\ebueulax.dll
2000-05-27 07:58 39,647 -c----w C:\Program Files\EULAx.RTF
2000-04-01 04:47 301,568 -c--a-w C:\Program Files\myth.acm
1999-11-17 19:00 32,768 -c--a-w C:\Program Files\SETUPENU.DLL
1999-09-22 10:52 224 -c--a-w C:\Program Files\player.nfo
1999-09-22 09:32 57,363 -c----w C:\Program Files\Readme.rtf
1999-09-22 09:32 53,304 -c----w C:\Program Files\EBUEula.dll
1999-09-22 09:32 499,712 -c----w C:\Program Files\language.dll
1999-09-22 09:32 40,507 -c----w C:\Program Files\EULA.RTF
1999-09-22 09:32 365,568 -c----w C:\Program Files\HA312W32.DLL
1999-09-22 09:32 158,902 -c----w C:\Program Files\scenariobkg.bmp
1999-09-22 09:32 112,688 -c----w C:\Program Files\SHW32.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 15:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 19:45 313472]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 14:11 3497984]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 07:04 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 20:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 05:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-11-09 15:44 557056 C:\WINDOWS\sm56hlpr.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-06 20:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-06 20:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-06 20:40 118784]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2005-10-26 23:50 512000]
"CHotkey"="mHotkey.exe" [2001-12-26 17:12 472576 C:\WINDOWS\mHotkey.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 15:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 14:41 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 14:47 569413]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 16:01 28160 C:\WINDOWS\KHALMNPR.Exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 08:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 15:01 44544]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 20:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 04:40 124656]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 14:38 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 07:00 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 05:38:32 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-08-04 18:47:49 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 18:35 67112 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 10:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-04-11 01:51 144896 C:\Program Files\AIM95\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 01:10 98304 C:\Program Files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-02-02 04:11 290816 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-13 05:38 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2006-01-22 13:45 286720 C:\Program Files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 14:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 19:57 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 23:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 13:07 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 16:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-04-25 11:44 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"2967:TCP"= 2967:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:Symantec RTVScan - TCP
"2967:UDP"= 2967:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:Symantec RTVScan - UDP
"38293:UDP"= 38293:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - UDP
"38293:TCP"= 38293:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - TCP
"139:TCP"= 139:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22002
"6881:TCP"= 6881:TCP:azureus
"6889:TCP"= 6889:TCP:azureus
"49153:TCP"= 49153:TCP:azur
"49153:UDP"= 49153:UDP:azur1
"15126:TCP"= 15126:TCP:BitComet 15126 TCP
"15126:UDP"= 15126:UDP:BitComet 15126 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2006-09-29 12:05]
S3 ESISTEMA53;ESISTEMA53;C:\Program Files\RuanEngine\sistema32.sys []
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2005-11-28 07:33]
S3 L6TPortA;Service - Line 6 TonePort UX1;C:\WINDOWS\system32\Drivers\L6TPortA.sys [2006-09-29 12:01]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd74896-f75b-11da-b7e3-0090f54bb10f}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b2502a-e046-11dc-9a21-0090f54f4a35}]
\Shell\AutoRun\command - I:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 18:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 13:38:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-11 13:40:24
ComboFix-quarantined-files.txt 2008-05-11 17:40:11
ComboFix2.txt 2008-05-10 18:20:44

Pre-Run: 6,538,514,432 bytes free
Post-Run: 6,524,207,104 bytes free

268 --- E O F --- 2008-04-10 07:05:05

#8
miekiemoes

Posted 11 May 2008 - 01:56 PM

Malware Expert

Member
5,503 posts

Hi,

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Select "Privacy protection" you find in there and press the delete button on the right.
Hit ok below > apply in previous window.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
Click the "Download" button to the right.
For Platform, select "Windows"
For language, select your language
Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
Click Continue
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
- Java 2 Runtime Environment, SE v1.4.2
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

#9
zoloft

Posted 12 May 2008 - 01:45 AM

Member

Topic Starter
Member
55 posts

wow so far, its been running smooth =D thanks a lot! how can i prevent that from happenning again? or what if it does?

#10
miekiemoes

Posted 12 May 2008 - 01:48 AM

Malware Expert

Member
5,503 posts

Glad I could help.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#11
miekiemoes

Posted 16 May 2008 - 06:48 AM

Malware Expert

Member
5,503 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.