Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet/malware problem [RESOLVED]


  • This topic is locked This topic is locked

#1
Haji

Haji

    Member

  • Member
  • PipPip
  • 10 posts
I've been having a problem with my internet that I think is malware related. The prolem is that some sites will load fine while others will take an extremely long time and timeout or won't load at all. Weird thing is I can access almost all of these sites fine by using a proxy site. Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:17 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {4947bce7-a4b3-0428-8c24-3ef049f280e1} - {1e082f94-0fe3-42c8-8240-3b4a7ecb7494} - C:\WINDOWS\system32\rbyvrlix.dll
O2 - BHO: (no name) - {349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8} - C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {65EF2FF4-CFC6-4681-93C9-B0F7C93D4117} - C:\WINDOWS\system32\yaywwUND.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5E84927-CFF0-4CA3-A068-02E7C01C1E7C} - C:\WINDOWS\system32\geBsrSLF.dll
O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\yqqwhdpl.dll",b
O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\pipbewuv.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZR
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: geBsrSLF - C:\WINDOWS\SYSTEM32\geBsrSLF.dll
O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing)
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing)
O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13829 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.





Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
thank you for the reply.

ok I finished running combofix and here's the log:


ComboFix 08-06-20.4 - Ed 2008-06-26 17:20:21.5 - NTFSx86
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa3e09c2d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DNUwwyay.ini
C:\WINDOWS\system32\DNUwwyay.ini2
C:\WINDOWS\system32\lpdhwqqy.ini
C:\WINDOWS\system32\yaywwUND.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-26 18:04 . 2008-06-26 18:04 22 --a------ C:\WINDOWS\pskt.ini
2008-06-26 18:04 . 2008-06-26 18:09 0 --a------ C:\WINDOWS\BMa3e09c2d.xml
2008-06-25 19:09 . 2008-06-25 19:09 106,496 --a------ C:\WINDOWS\system32\rbyvrlix.dll
2008-06-25 19:06 . 2008-06-25 19:06 81,920 --a------ C:\WINDOWS\system32\yqqwhdpl.dll
2008-06-25 19:05 . 2008-06-25 19:05 91,136 --a------ C:\WINDOWS\system32\pipbewuv.dll
2008-06-25 18:48 . 2008-06-25 18:48 294 --ahs---- C:\WINDOWS\system32\dwbmseuf.ini
2008-06-25 04:08 . 2008-06-25 04:08 99,840 --a------ C:\WINDOWS\system32\sfnhyxjw.dll
2008-06-25 04:06 . 2008-06-25 04:06 91,136 --a------ C:\WINDOWS\system32\urjuruvh.dll
2008-06-24 21:19 . 2008-06-24 21:19 25,088 --a------ C:\WINDOWS\system32\ddcBSJYo.dll
2008-06-24 21:19 . 2008-06-24 21:19 25,088 --a------ C:\WINDOWS\system32\awtrSkKD.dll
2008-06-24 21:18 . 2008-06-24 21:18 25,088 --a------ C:\WINDOWS\system32\efcCttsP.dll
2008-06-24 21:16 . 2008-06-24 21:16 81,920 --a------ C:\WINDOWS\system32\aecfquig.dll
2008-06-24 21:15 . 2008-06-24 21:15 99,840 --a------ C:\WINDOWS\system32\mqtoaoux.dll
2008-06-24 21:14 . 2008-06-24 21:14 91,136 --a------ C:\WINDOWS\system32\wwdmsbld.dll
2008-06-24 21:11 . 2008-06-24 21:11 25,088 --a------ C:\WINDOWS\system32\ddcAtqnO.dll
2008-06-24 21:10 . 2008-06-24 21:10 25,088 --a------ C:\WINDOWS\system32\wvUoNFYO.dll
2008-06-24 21:10 . 2008-06-24 21:10 25,088 --a------ C:\WINDOWS\system32\wvUOIaxy.dll
2008-06-24 21:10 . 2008-06-24 21:10 25,088 --a------ C:\WINDOWS\system32\wvUmnnKb.dll
2008-06-24 21:08 . 2008-06-24 21:08 25,088 --a------ C:\WINDOWS\system32\yayxvUMf.dll
2008-06-24 21:07 . 2008-06-24 21:07 25,088 --a------ C:\WINDOWS\system32\geBsrSLF.dll
2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule
2008-06-21 05:37 . 2008-06-21 05:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-21 05:37 . 2008-06-21 05:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO
2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor
2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks
2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI
2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield
2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems
2008-05-31 14:06 . 2008-05-31 14:06 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d-------- C:\Program Files\Windows Media Components

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 21:55 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-06-26 20:24 --------- d-----w C:\Program Files\StepMania CVS
2008-06-24 19:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-24 01:36 --------- d-----w C:\Program Files\eMule
2008-06-23 00:59 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype
2008-06-22 21:36 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM
2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire
2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat
2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-10 23:39 --------- d-----w C:\Program Files\Zune
2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC
2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems
2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems
2008-05-30 08:27 --------- d-----w C:\Program Files\DivX
2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm
2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc
2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:51 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 23:16 --------- d-----w C:\Program Files\Java
2008-05-12 21:52 --------- d-----w C:\Program Files\iTunes
2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro
2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft
2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 03:09 --------- d-----w C:\Program Files\Vcsron
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008
2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire
2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe
2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk
2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 23:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe
2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys
2007-07-16 21:06 87,608 ----a-w C:\Documents and Settings\Ed\Application Data\inst.exe
2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat
2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier
2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe
2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat
2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat
2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat
2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-07-29 21:24 472 -csha-r C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ\lZpSwAx5KHY5v36CxrhOyk.vbs
2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys
2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-26 19:57 130,905 -csha-w C:\WINDOWS\system32\srsc.dat
.
<pre>
----a-w			67,112 2008-03-24 18:30:15  C:\Program Files\AIM\aim .exe
-c--a-w			50,528 2008-03-24 18:30:17  C:\Program Files\AIM6\aim6 .exe
-c--a-w			75,392 2008-02-15 20:51:03  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
-c--a-w		   970,752 2008-03-18 21:14:53  C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
-c--a-w		   157,592 2008-02-15 20:51:02  C:\Program Files\DAEMON Tools\daemon .exe
-c--a-w			68,856 2008-02-14 23:15:23  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
-c--a-w		 1,694,208 2008-03-18 21:14:53  C:\Program Files\Messenger\msmsgs .exe
-c--a-w		   282,624 2008-02-05 20:48:35  C:\Program Files\QuickTime\qttask					.exe
----a-w		   648,704 2008-02-05 20:47:26  C:\Program Files\QuickTime\qttask				   .exe
-c--a-w		   648,704 2008-02-05 01:20:20  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   648,704 2008-02-04 21:41:32  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   648,704 2008-02-03 21:06:33  C:\Program Files\QuickTime\qttask				.exe
-c--a-w		   648,704 2008-02-03 14:38:35  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   648,704 2008-02-02 18:52:52  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   648,704 2008-02-02 11:31:00  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-02-14 00:36:17  C:\Program Files\QuickTime\qttask			.exe
----a-w		   648,704 2008-02-14 00:35:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   648,704 2008-02-13 20:48:23  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   648,704 2008-02-13 03:42:49  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   648,704 2008-02-12 20:05:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   648,704 2008-02-11 20:19:26  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   648,704 2008-02-10 18:55:52  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   648,704 2008-02-09 17:46:16  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   648,704 2008-02-08 21:03:58  C:\Program Files\QuickTime\qttask	.exe
----a-w		   648,704 2008-02-14 23:13:16  C:\Program Files\QuickTime\qttask  .exe
----a-w		   648,704 2008-02-14 22:38:09  C:\Program Files\QuickTime\qttask .exe
----a-w		21,760,296 2008-03-21 04:49:35  C:\Program Files\Skype\Phone\Skype .exe
-c--a-w			58,368 2008-02-15 20:21:41  C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys .exe
----a-w		 3,481,600 2008-03-06 18:48:27  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
-c--a-w		   166,304 2008-02-11 20:21:05  C:\Program Files\Zune\ZuneLauncher .exe
-c--a-w		   102,400 2008-02-15 20:51:01  C:\WINDOWS\tsnp2std .exe
-c--a-w		   339,968 2008-02-15 20:22:07  C:\WINDOWS\vsnp2std .exe
-c--a-w		   208,952 2008-03-24 23:19:41  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
-c--a-w			44,032 2008-03-24 23:19:40  C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
----a-w			15,360 2008-03-24 23:19:57  C:\WINDOWS\system32\ctfmon .exe
----a-w		   174,592 2008-03-22 14:05:58  C:\WINDOWS\system32\lexpps .exe
-c--a-w			98,304 2008-02-15 20:22:05  C:\WINDOWS\system32\ps2 .exe
-c--a-w			59,392 2008-03-24 23:19:46  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
-c--a-w		   455,168 2008-03-24 23:19:48  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
</pre>


------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 08:00 14848 340a992968d7fecb91161a0636f15beb C:\WINDOWS\system32\lsass.exe
2004-08-04 08:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 57,344 2005-06-07 03:46:24 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

-c--a-w 67,160 2005-08-05 19:08:26 C:\Program Files\AIM\bak\aim.exe

-c--a-w 180,269 2005-04-20 12:18:13 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 58,992 2005-03-23 20:34:32 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

-c--a-w 133,016 2005-12-10 14:57:19 C:\Program Files\DAEMON Tools\bak\daemon.exe

-c--a-w 164,792 2006-10-10 20:20:52 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\bak\GoogleToolbarNotifier.exe

-c--a-w 229,952 2006-09-25 18:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe

-c--a-w 155,648 2006-03-26 17:05:59 C:\Program Files\QuickTime\bak\qttask.exe

-c--a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 12:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8}]
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ca3f9a3-9488-4f34-8276-a783f6a41295}]
2008-06-26 18:27 106496 --a------ C:\WINDOWS\system32\urnkihru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CDC07BE-A091-4455-B4CF-AA75F9854F3F}]
2008-06-26 18:06 319488 --a------ C:\WINDOWS\system32\qoMGAqpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}]
2008-06-24 21:07 25088 --a------ C:\WINDOWS\system32\geBsrSLF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC549FE2-5615-457D-8244-A3A1ADF7B23F}]
C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile]
@={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"Aim6"="" []
"EventLog"="C:\WINDOWS\system32\event.exe" [ ]
"Vcsron"="C:\Program Files\Vcsron\Vcsron.exe" [2008-05-07 14:20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [ ]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 08:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"6565676F716C7171"="3F3F0000000000.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" [ ]
"BMa3e09c2d"="C:\WINDOWS\system32\mjfrvewd.dll" [2008-06-26 18:22 91648]
"a0d3afb1"="C:\WINDOWS\system32\vxbyyclb.dll" [2008-06-26 18:24 80896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\George\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Ed\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"= C:\WINDOWS\system32\cbXNDssR.dll [ ]
"{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"= C:\WINDOWS\system32\geBsrSLF.dll [2008-06-24 21:07 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ZJvdzCxv"= {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsrSLF]
geBsrSLF.dll 2008-06-24 21:07 25088 C:\WINDOWS\system32\geBsrSLF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfc850]
mfc850.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfdd]
mljhfdd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spoolsvc]
spoolsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\qoMGAqpn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
C:\WINDOWS\system32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvc]
C:\WINDOWS\system32\spoolsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype .exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:Outlook Express
"9172:TCP"= 9172:TCP:BitComet 9172 TCP
"9172:UDP"= 9172:UDP:BitComet 9172 UDP
"22405:TCP"= 22405:TCP:BitComet 22405 TCP
"22405:UDP"= 22405:UDP:BitComet 22405 UDP
"49000:TCP"= 49000:TCP:BitComet 49000 TCP
"49000:UDP"= 49000:UDP:BitComet 49000 UDP
"19524:TCP"= 19524:TCP:BitComet 19524 TCP
"19524:UDP"= 19524:UDP:BitComet 19524 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 09:37:38 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 18:00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\lpdhwqqy.ini 294 bytes
C:\WINDOWS\system32\qoMGAqpn.dll 319488 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBsrSLF.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\vxbyyclb.dll
-> C:\WINDOWS\system32\mjfrvewd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-26 18:57:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 22:57:33
ComboFix2.txt 2008-06-25 23:36:32
ComboFix3.txt 2008-06-25 08:35:18
ComboFix4.txt 2008-05-12 22:44:13

Pre-Run: 27,649,556,480 bytes free
Post-Run: 27,621,965,824 bytes free

427 --- E O F --- 2008-06-20 10:23:33
  • 0

#4
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here's a new hijackthis log also:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:32 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Vcsron\Vcsron.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\mjfrvewd.dll",s
O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\vxbyyclb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZR
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12590 bytes
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your PC is really infected

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\pskt.ini
C:\WINDOWS\BMa3e09c2d.xml
C:\WINDOWS\system32\rbyvrlix.dll
C:\WINDOWS\system32\yqqwhdpl.dll
C:\WINDOWS\system32\pipbewuv.dll
C:\WINDOWS\system32\dwbmseuf.ini
C:\WINDOWS\system32\sfnhyxjw.dll
C:\WINDOWS\system32\urjuruvh.dll
C:\WINDOWS\system32\ddcBSJYo.dll
C:\WINDOWS\system32\awtrSkKD.dll
C:\WINDOWS\system32\efcCttsP.dll
C:\WINDOWS\system32\aecfquig.dll
C:\WINDOWS\system32\mqtoaoux.dll
C:\WINDOWS\system32\wwdmsbld.dll
C:\WINDOWS\system32\ddcAtqnO.dll
C:\WINDOWS\system32\wvUoNFYO.dll
C:\WINDOWS\system32\wvUOIaxy.dll
C:\WINDOWS\system32\wvUmnnKb.dll
C:\WINDOWS\system32\yayxvUMf.dll
C:\WINDOWS\system32\geBsrSLF.dll
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\srsc.dat

Folder::
C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6F5090F-D9EC-4263-9D7D-2968C5179291}"=-
"{C5E84927-CFF0-4CA3-A068-02E7C01C1E7C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvc]

Rootkit::
C:\WINDOWS\system32\lpdhwqqy.ini 
C:\WINDOWS\system32\qoMGAqpn.dll

AWF::
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
C:\Program Files\AIM\bak\aim.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
C:\Program Files\DAEMON Tools\bak\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.4150\bak\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe

RenV::
----a-w			67,112 2008-03-24 18:30:15  C:\Program Files\AIM\aim .exe
-c--a-w			50,528 2008-03-24 18:30:17  C:\Program Files\AIM6\aim6 .exe
-c--a-w			75,392 2008-02-15 20:51:03  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
-c--a-w		   970,752 2008-03-18 21:14:53  C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
-c--a-w		   157,592 2008-02-15 20:51:02  C:\Program Files\DAEMON Tools\daemon .exe
-c--a-w			68,856 2008-02-14 23:15:23  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
-c--a-w		 1,694,208 2008-03-18 21:14:53  C:\Program Files\Messenger\msmsgs .exe
-c--a-w		   282,624 2008-02-05 20:48:35  C:\Program Files\QuickTime\qttask					.exe
----a-w		   648,704 2008-02-05 20:47:26  C:\Program Files\QuickTime\qttask				   .exe
-c--a-w		   648,704 2008-02-05 01:20:20  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   648,704 2008-02-04 21:41:32  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   648,704 2008-02-03 21:06:33  C:\Program Files\QuickTime\qttask				.exe
-c--a-w		   648,704 2008-02-03 14:38:35  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   648,704 2008-02-02 18:52:52  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   648,704 2008-02-02 11:31:00  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-02-14 00:36:17  C:\Program Files\QuickTime\qttask			.exe
----a-w		   648,704 2008-02-14 00:35:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   648,704 2008-02-13 20:48:23  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   648,704 2008-02-13 03:42:49  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   648,704 2008-02-12 20:05:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   648,704 2008-02-11 20:19:26  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   648,704 2008-02-10 18:55:52  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   648,704 2008-02-09 17:46:16  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   648,704 2008-02-08 21:03:58  C:\Program Files\QuickTime\qttask	.exe
----a-w		   648,704 2008-02-14 23:13:16  C:\Program Files\QuickTime\qttask  .exe
----a-w		   648,704 2008-02-14 22:38:09  C:\Program Files\QuickTime\qttask .exe
----a-w		21,760,296 2008-03-21 04:49:35  C:\Program Files\Skype\Phone\Skype .exe
-c--a-w			58,368 2008-02-15 20:21:41  C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys .exe
----a-w		 3,481,600 2008-03-06 18:48:27  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
-c--a-w		   166,304 2008-02-11 20:21:05  C:\Program Files\Zune\ZuneLauncher .exe
-c--a-w		   102,400 2008-02-15 20:51:01  C:\WINDOWS\tsnp2std .exe
-c--a-w		   339,968 2008-02-15 20:22:07  C:\WINDOWS\vsnp2std .exe
-c--a-w		   208,952 2008-03-24 23:19:41  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
-c--a-w			44,032 2008-03-24 23:19:40  C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
----a-w			15,360 2008-03-24 23:19:57  C:\WINDOWS\system32\ctfmon .exe
----a-w		   174,592 2008-03-22 14:05:58  C:\WINDOWS\system32\lexpps .exe
-c--a-w			98,304 2008-02-15 20:22:05  C:\WINDOWS\system32\ps2 .exe
-c--a-w			59,392 2008-03-24 23:19:46  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
-c--a-w		   455,168 2008-03-24 23:19:48  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0

#6
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The new combofix log:

ComboFix 08-06-20.4 - Ed 2008-06-27 15:58:38.6 - NTFSx86
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BMa3e09c2d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aecfquig.dll
C:\WINDOWS\system32\awtrSkKD.dll
C:\WINDOWS\system32\ddcAtqnO.dll
C:\WINDOWS\system32\ddcBSJYo.dll
C:\WINDOWS\system32\dwbmseuf.ini
C:\WINDOWS\system32\efcCttsP.dll
C:\WINDOWS\system32\geBsrSLF.dll
C:\WINDOWS\system32\mqtoaoux.dll
C:\WINDOWS\system32\pipbewuv.dll
C:\WINDOWS\system32\rbyvrlix.dll
C:\WINDOWS\system32\sfnhyxjw.dll
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\srsc.dat
C:\WINDOWS\system32\urjuruvh.dll
C:\WINDOWS\system32\wvUmnnKb.dll
C:\WINDOWS\system32\wvUOIaxy.dll
C:\WINDOWS\system32\wvUoNFYO.dll
C:\WINDOWS\system32\wwdmsbld.dll
C:\WINDOWS\system32\yayxvUMf.dll
C:\WINDOWS\system32\yqqwhdpl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.COMPUTER.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Andy.GEORGEMMA.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Ed\Application Data\inst.exe
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BMa3e09c2d.xml
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ
C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ\lZpSwAx5KHY5v36CxrhOyk.vbs
C:\WINDOWS\system32\aecfquig.dll
C:\WINDOWS\system32\awtrSkKD.dll
C:\WINDOWS\system32\blcyybxv.ini
C:\WINDOWS\system32\dcded8_z.dll
C:\WINDOWS\system32\ddcAtqnO.dll
C:\WINDOWS\system32\ddcBSJYo.dll
C:\WINDOWS\system32\dwbmseuf.ini
C:\WINDOWS\system32\efcCttsP.dll
C:\WINDOWS\system32\geBsrSLF.dll
C:\WINDOWS\system32\lpdhwqqy.ini
C:\WINDOWS\system32\mqtoaoux.dll
C:\WINDOWS\system32\npqAGMoq.ini
C:\WINDOWS\system32\npqAGMoq.ini2
C:\WINDOWS\system32\pipbewuv.dll
C:\WINDOWS\system32\qoMGAqpn.dll
C:\WINDOWS\system32\rbyvrlix.dll
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX49.tmp
C:\WINDOWS\system32\sfnhyxjw.dll
C:\WINDOWS\system32\srsc.dat
C:\WINDOWS\system32\urjuruvh.dll
C:\WINDOWS\system32\wvUmnnKb.dll
C:\WINDOWS\system32\wvUOIaxy.dll
C:\WINDOWS\system32\wvUoNFYO.dll
C:\WINDOWS\system32\wwdmsbld.dll
C:\WINDOWS\system32\yayxvUMf.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-26 18:27 . 2008-06-26 18:27 106,496 --a------ C:\WINDOWS\system32\urnkihru.dll
2008-06-26 18:24 . 2008-06-26 18:24 80,896 --a------ C:\WINDOWS\system32\vxbyyclb.dll
2008-06-26 18:22 . 2008-06-26 18:22 91,648 --a------ C:\WINDOWS\system32\mjfrvewd.dll
2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule
2008-06-21 05:37 . 2008-06-21 05:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-21 05:37 . 2008-06-21 05:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO
2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor
2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks
2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI
2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield
2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems
2008-05-31 14:06 . 2008-05-31 14:06 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d-------- C:\Program Files\Windows Media Components

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 21:06 --------- d-----w C:\Program Files\QuickTime
2008-06-27 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 21:01 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-06-27 20:00 --------- d-----w C:\Program Files\Zune
2008-06-27 19:59 --------- d-----w C:\Program Files\Sound Volume Hotkeys
2008-06-27 19:58 --------- d-----w C:\Program Files\iTunes
2008-06-27 19:58 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-27 19:58 --------- d-----w C:\Program Files\AIM6
2008-06-27 19:58 --------- d-----w C:\Program Files\AIM
2008-06-26 20:24 --------- d-----w C:\Program Files\StepMania CVS
2008-06-24 01:36 --------- d-----w C:\Program Files\eMule
2008-06-23 00:59 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype
2008-06-22 21:36 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM
2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire
2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat
2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC
2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems
2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems
2008-05-30 08:27 --------- d-----w C:\Program Files\DivX
2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm
2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc
2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:51 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 23:16 --------- d-----w C:\Program Files\Java
2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro
2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft
2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 03:09 --------- d-----w C:\Program Files\Vcsron
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008
2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire
2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe
2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk
2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 23:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe
2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys
2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat
2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier
2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe
2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat
2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat
2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat
2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys
2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w		21,760,296 2008-03-21 04:49:35  C:\Program Files\Skype\Phone\Skype .exe
</pre>


------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 08:00 14848 340a992968d7fecb91161a0636f15beb C:\WINDOWS\system32\lsass.exe
2004-08-04 08:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8}]
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ca3f9a3-9488-4f34-8276-a783f6a41295}]
2008-06-26 18:27 106496 --a------ C:\WINDOWS\system32\urnkihru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC549FE2-5615-457D-8244-A3A1ADF7B23F}]
C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile]
@={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 19:19 15360]
"Aim6"="" []
"EventLog"="C:\WINDOWS\system32\event.exe" [ ]
"Vcsron"="C:\Program Files\Vcsron\Vcsron.exe" [2008-05-07 14:20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2008-02-15 16:51 102400]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2008-02-15 16:22 339968]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-02-15 16:22 98304]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-03-24 19:19 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2008-03-24 19:19 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-03-24 19:19 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"6565676F716C7171"="3F3F0000000000.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-11 16:21 166304]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" [ ]
"a0d3afb1"="C:\WINDOWS\system32\vxbyyclb.dll" [2008-06-26 18:24 80896]
"BMa3e09c2d"="C:\WINDOWS\system32\mjfrvewd.dll" [2008-06-26 18:22 91648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\George\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Ed\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ZJvdzCxv"= {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsrSLF]
geBsrSLF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfc850]
mfc850.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfdd]
mljhfdd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spoolsvc]
spoolsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
C:\WINDOWS\system32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a--c--- 2005-03-23 16:34 58992 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-03-24 19:19 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-09-25 14:54 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype .exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:Outlook Express
"9172:TCP"= 9172:TCP:BitComet 9172 TCP
"9172:UDP"= 9172:UDP:BitComet 9172 UDP
"22405:TCP"= 22405:TCP:BitComet 22405 TCP
"22405:UDP"= 22405:UDP:BitComet 22405 UDP
"49000:TCP"= 49000:TCP:BitComet 49000 TCP
"49000:UDP"= 49000:UDP:BitComet 49000 UDP
"19524:TCP"= 19524:TCP:BitComet 19524 TCP
"19524:UDP"= 19524:UDP:BitComet 19524 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 09:37:38 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
- E:\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 17:07:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-27 17:50:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 21:50:00
ComboFix2.txt 2008-06-26 22:57:57
ComboFix3.txt 2008-06-25 23:36:32
ComboFix4.txt 2008-06-25 08:35:18
ComboFix5.txt 2008-05-12 22:44:13

Pre-Run: 27,525,115,904 bytes free
Post-Run: 27,477,852,160 bytes free

396 --- E O F --- 2008-06-20 10:23:33
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\urnkihru.dll
C:\WINDOWS\system32\vxbyyclb.dll
C:\WINDOWS\system32\mjfrvewd.dll

RenV::
----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe


Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall






Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log
  • 0

#8
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The Kaspersky report is much too long to put in a post I put it up on rapidshare(is that cool with you?):

http://rapidshare.co.../Kaspersky.html

Here's the new HiJackthis log too:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:47 AM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Vcsron\Vcsron.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8} - C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\vxbyyclb.dll",b
O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\mjfrvewd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZR
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: geBsrSLF - geBsrSLF.dll (file missing)
O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing)
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing)
O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 14194 bytes

Thank you very much for reading my posts and helping. Much appreciated!
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
So much malware, this is what you get when you use LimeWire

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {349DB5C9-FBB0-4D84-AD5B-25AE40D17EE8} - C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\PV7BMU7E\3077ahntdksr[1].dll (file missing)
O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\vxbyyclb.dll",b
O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\mjfrvewd.dll",s
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZR
O20 - AppInit_DLLs:
O20 - Winlogon Notify: geBsrSLF - geBsrSLF.dll (file missing)
O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing)
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing)
O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing)
O24 - Desktop Component 0: (no name) - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\12.tmp
C:\14.tmp
C:\BhEw.exe
C:\Documents and Settings\Ed\Application Data\Microsoft\spoolsv.exe
C:\Documents and Settings\Ed\Local Settings\Application Data\Mozilla\Firefox\Profiles\a4ftback.123\Cache(9)\B2512D21d01
C:\Documents and Settings\Ed\My Documents\My Documents\Ed\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1QVGHQF\1[2].htm
C:\Documents and Settings\George.COMPUTER\My Documents\PopularScreensaversSetup2.2.60.11-2.exe
C:\Downloads\LimeWire Pro. 4.18.2\LimeWireWin.exe
C:\Downloads\Spore Creature Creator - Full (100%).rar
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\Symdivx\Cache\000007cf_43f4ebc7_000af79e
C:\Program Files\Symdivx\Cache\000011ef_43d329a0_00081b32
C:\Program Files\Symdivx\Cache\00004b72_43b86d0e_00040d99
C:\Program Files\Symdivx\Cache\00004ff8_43894ac6_0001312d
C:\Program Files\Symdivx\Cache\00006efb_43d32a70_0008583b
C:\Program Files\Symdivx\Cache\00007389_439a34f5_000a7d8c
C:\Program Files\Vcsron
C:\WINDOWS\bck7.dat
C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp
C:\WINDOWS\ime\imkr6_1\imekrmig.exe.tmp
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\system32\dbomluaj.dll
C:\WINDOWS\system32\dlzg.dll
C:\WINDOWS\system32\eeixrqcq.exe
C:\WINDOWS\system32\heeqjanr.dll
C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp
C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp
C:\WINDOWS\system32\nihwtioe.dll
C:\WINDOWS\system32\qmcljkhl.dll
C:\WINDOWS\system32\RCX23C.tmp
C:\WINDOWS\system32\RCX30B.tmp
C:\WINDOWS\system32\RCX3A5.tmp
C:\WINDOWS\system32\RCX405.tmp
C:\WINDOWS\system32\RCX49C.tmp
C:\WINDOWS\system32\RCX54C.tmp
C:\WINDOWS\system32\ugxhqhbc.dll
C:\WINDOWS\system32\vxlxxqft.dll
C:\WINDOWS\system32\xkrilaqf.exe
C:\WINDOWS\ѕуstem32\netdde.exe

Folder::
C:\12.tmp
C:\14.tmp
C:\BhEw.exe
C:\Documents and Settings\Ed\Application Data\Microsoft\spoolsv.exe
C:\Documents and Settings\Ed\Local Settings\Application Data\Mozilla\Firefox\Profiles\a4ftback.123\Cache(9)\B2512D21d01
C:\Documents and Settings\Ed\My Documents\My Documents\Ed\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1QVGHQF\1[2].htm
C:\Documents and Settings\George.COMPUTER\My Documents\PopularScreensaversSetup2.2.60.11-2.exe
C:\Downloads\LimeWire Pro. 4.18.2\LimeWireWin.exe
C:\Downloads\Spore Creature Creator - Full (100%).rar
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
C:\Program Files\Symdivx\Cache\000007cf_43f4ebc7_000af79e
C:\Program Files\Symdivx\Cache\000011ef_43d329a0_00081b32
C:\Program Files\Symdivx\Cache\00004b72_43b86d0e_00040d99
C:\Program Files\Symdivx\Cache\00004ff8_43894ac6_0001312d
C:\Program Files\Symdivx\Cache\00006efb_43d32a70_0008583b
C:\Program Files\Symdivx\Cache\00007389_439a34f5_000a7d8c
C:\Program Files\Vcsron
C:\WINDOWS\bck7.dat
C:\WINDOWS\ime\imjp8_1\imjpmig.exe.tmp
C:\WINDOWS\ime\imkr6_1\imekrmig.exe.tmp
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\system32\dbomluaj.dll
C:\WINDOWS\system32\dlzg.dll
C:\WINDOWS\system32\eeixrqcq.exe
C:\WINDOWS\system32\heeqjanr.dll
C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe.tmp
C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe.tmp
C:\WINDOWS\system32\nihwtioe.dll
C:\WINDOWS\system32\qmcljkhl.dll
C:\WINDOWS\system32\RCX23C.tmp
C:\WINDOWS\system32\RCX30B.tmp
C:\WINDOWS\system32\RCX3A5.tmp
C:\WINDOWS\system32\RCX405.tmp
C:\WINDOWS\system32\RCX49C.tmp
C:\WINDOWS\system32\RCX54C.tmp
C:\WINDOWS\system32\ugxhqhbc.dll
C:\WINDOWS\system32\vxlxxqft.dll
C:\WINDOWS\system32\xkrilaqf.exe
C:\WINDOWS\ѕуstem32\netdde.exe


DirLook::
C:\Documents and Settings\Andy.COMPUTER\Desktop\My Documents\My Documents\Andy\.limewire\.NetworkShare\Incomplete
C:\Downloads

FCOPY::
C:\WINDOWS\System32\dllcache\lsass.exe | C:\WINDOWS\system32\lsass.exe

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also post a new HijackThis log
  • 0

#10
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry but this is another really long report:

http://www.mediafire.com/?trjj9eemmbx

Hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:14 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12641 bytes
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O24 - Desktop Component 0: (no name) - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Downloads\Ulead VideoStudio 11 Plus - crack.exe
C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\keygen.exe
C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\Read Me.txt

Folder::
C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack
C:\Downloads\FL STUDIO 5_XXL_cracked

KillAll::

RenV::
----a-w 21,760,296 2008-03-21 04:49:35 C:\Program Files\Skype\Phone\Skype .exe


Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0

#12
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ok the new combofix log:

ComboFix 08-06-20.4 - Ed 2008-06-28 20:09:07.9 - NTFSx86
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\Downloads\Ulead VideoStudio 11 Plus - crack.exe
C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\keygen.exe
C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\Read Me.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Downloads\FL STUDIO 5_XXL_cracked
C:\Downloads\FL STUDIO 5_XXL_cracked\FLRegkey.Reg
C:\Downloads\FL STUDIO 5_XXL_cracked\FLStudio5_XXL_Install.exe
C:\Downloads\FL STUDIO 5_XXL_cracked\fruity loops - tutorials.pdf
C:\Downloads\FL STUDIO 5_XXL_cracked\Fruity Loops 5XXL Crack\FL.EXE
C:\Downloads\FL STUDIO 5_XXL_cracked\READ ME BORFRE INSTALL!!!!!!!!.txt
C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack
C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack\Macromedia DreamWeaver CS3 + Crack.daa
C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack\Macromedia DreamWeaver Plugins All In One 2007.daa
C:\Downloads\Macromedia DreamWeaver CS3 + Plugins and Crack\Readme.txt
C:\Downloads\Ulead VideoStudio 11 Plus - crack.exe
C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\keygen.exe
C:\Downloads\Ulead VideoStudio Plus 11.5 with Dolby Digital PowerPack\Read Me.txt

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-27 21:12 . 2008-06-27 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 21:36 . 2008-06-23 21:36 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\eMule
2008-06-16 14:41 . 2008-06-16 14:41 <DIR> d-------- C:\Program Files\PowerISO
2008-06-15 20:35 . 2008-06-15 20:43 <DIR> d-------- C:\Program Files\Flv Audio Extractor
2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 19:31 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 17:38 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-10 17:38 . 2008-06-10 17:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-06-08 07:57 . 2008-06-08 07:57 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Move Networks
2008-06-01 18:18 . 2008-06-01 21:33 117 --a------ C:\WINDOWS\CIV.INI
2008-06-01 13:09 . 2008-06-01 13:09 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\InstallShield
2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-06-01 13:04 . 2008-06-01 13:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-01 08:08 . 2008-06-01 08:08 <DIR> d-------- C:\Documents and Settings\George.COMPUTER\Application Data\Ulead Systems
2008-05-31 14:06 . 2008-05-31 14:06 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-05-31 14:04 . 2008-05-31 14:04 <DIR> d-------- C:\Program Files\Windows Media Components

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:07 --------- d-----w C:\Program Files\DivX
2008-06-28 15:43 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\DivX
2008-06-27 21:06 --------- d-----w C:\Program Files\QuickTime
2008-06-27 21:06 --------- d-----w C:\Program Files\iTunes
2008-06-27 21:06 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-27 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-27 21:06 --------- d-----w C:\Program Files\AIM
2008-06-27 21:01 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-06-27 20:00 --------- d-----w C:\Program Files\Zune
2008-06-27 19:59 --------- d-----w C:\Program Files\Sound Volume Hotkeys
2008-06-27 19:58 --------- d-----w C:\Program Files\AIM6
2008-06-26 20:24 --------- d-----w C:\Program Files\StepMania CVS
2008-06-24 01:36 --------- d-----w C:\Program Files\eMule
2008-06-23 00:59 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype
2008-06-22 21:36 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM
2008-06-18 21:37 --------- d-----w C:\Program Files\LimeWire
2008-06-17 05:32 11,836 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat
2008-06-16 19:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-08 01:26 --------- d-----w C:\Program Files\mIRC
2008-06-01 17:04 --------- d-----w C:\Program Files\Ulead Systems
2008-06-01 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-01 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-01 16:23 --------- d-----w C:\Documents and Settings\Ed\Application Data\Ulead Systems
2008-05-29 17:10 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-05-29 08:56 --------- d-----w C:\Program Files\Last.fm
2008-05-20 03:02 --------- d-----w C:\Documents and Settings\Ed\Application Data\vlc
2008-05-18 02:46 --------- d-----w C:\Program Files\AllToAVI
2008-05-12 23:16 --------- d-----w C:\Program Files\Java
2008-05-12 03:26 --------- d-----w C:\Program Files\Trend Micro
2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft
2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-04 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-04 20:30 --------- d-----w C:\Program Files\jv16 PowerTools 2008
2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire
2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-05-02 20:20 --------- d-----w C:\Documents and Settings\Ed\Application Data\Metacafe
2008-05-02 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk
2008-04-29 23:39 40,704 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe
2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys
2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat
2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier
2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe
2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat
2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat
2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat
2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys
2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w		21,760,296 2008-03-21 04:49:35  C:\Program Files\Skype\Phone\Skype .exe
</pre>


------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( [email protected]_17.49.18.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 21:01:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 00:17:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-13 01:50:06 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2008-05-30 23:22:46 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
- 2008-05-13 01:50:08 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
- 2008-05-13 01:50:08 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
+ 2008-05-30 23:22:46 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
- 2008-05-13 01:50:08 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2008-05-30 23:22:48 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
- 2008-05-13 01:50:08 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2008-05-30 23:22:48 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
- 2008-05-13 01:49:28 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2008-05-22 22:19:12 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
- 2008-05-13 01:53:20 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2008-05-22 22:22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
- 2008-05-13 01:49:02 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
+ 2008-05-22 22:18:54 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
- 2008-05-13 01:50:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-05-22 22:19:46 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2008-05-13 01:50:10 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
+ 2008-05-30 23:22:54 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
- 2008-05-13 01:50:10 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
+ 2008-05-30 23:22:54 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
- 2008-05-13 01:50:12 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2008-05-30 23:22:58 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
- 2008-05-13 01:50:12 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2008-05-30 23:22:54 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
- 2008-05-13 01:50:12 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
+ 2008-05-30 23:22:54 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
- 2008-05-13 01:50:12 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
+ 2008-05-30 23:22:54 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
- 2008-05-13 01:50:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
+ 2008-05-22 22:19:46 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-05-13 01:51:10 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
+ 2008-05-22 22:20:42 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
- 2004-08-04 12:00:00 14,848 ----a-w C:\WINDOWS\system32\lsass.exe
+ 2004-08-04 12:00:00 13,312 ----a-w C:\WINDOWS\system32\lsass.exe
- 2008-05-13 01:53:16 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2008-05-22 22:22:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
- 2008-05-13 01:51:10 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
+ 2008-05-22 22:20:42 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
+ 2008-06-29 00:20:19 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4d0.dat
+ 2008-06-29 00:22:23 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile]
@={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 19:19 15360]
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 19:15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2008-02-15 16:51 102400]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2008-02-15 16:22 339968]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-02-15 16:22 98304]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-03-24 19:19 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2008-03-24 19:19 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-03-24 19:19 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-03-24 19:19 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-11 16:21 166304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\George\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 15:04:30 147456]

C:\Documents and Settings\Ed\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
C:\WINDOWS\system32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a--c--- 2005-03-23 16:34 58992 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-03-24 19:19 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-09-25 14:54 229952 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype .exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:Outlook Express
"9172:TCP"= 9172:TCP:BitComet 9172 TCP
"9172:UDP"= 9172:UDP:BitComet 9172 UDP
"22405:TCP"= 22405:TCP:BitComet 22405 TCP
"22405:UDP"= 22405:UDP:BitComet 22405 UDP
"49000:TCP"= 49000:TCP:BitComet 49000 TCP
"49000:UDP"= 49000:UDP:BitComet 49000 UDP
"19524:TCP"= 19524:TCP:BitComet 19524 TCP
"19524:UDP"= 19524:UDP:BitComet 19524 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 19:16:05 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
- E:\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 20:18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WudfHost.exe
.
**************************************************************************
.
Completion time: 2008-06-28 20:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 00:59:51
ComboFix2.txt 2008-06-28 22:30:56
ComboFix3.txt 2008-06-28 01:03:12
ComboFix4.txt 2008-06-27 21:50:08
ComboFix5.txt 2008-06-26 22:57:57

Pre-Run: 19,491,409,920 bytes free
Post-Run: 19,393,908,736 bytes free

351 --- E O F --- 2008-06-20 10:23:33
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Program Files\Skype\Phone\Skype .exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also post a new HijackThis log
  • 0

#14
Haji

Haji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
malwarebytes:

Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

7:26:32 PM 7/1/2008
mbam-log-7-1-2008 (19-26-32).txt

Scan type: Quick Scan
Objects scanned: 68433
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 116
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\meow four dale link (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot.
C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU\Learn More About Save!.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU\Learn More About SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\George.COMPUTER\Desktop\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\George.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:05 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12542 bytes
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log as well


And tell me how the PC is running
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP