Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need help with google copy-book.com redirect [Solved]

Started by ace101 , Dec 12 2008 04:27 PM

This topic is locked

#16
ace101

Posted 21 December 2008 - 06:04 PM

Member

Topic Starter
Member
24 posts

Is it still working fine now?

Yeah its working fine now.

For the file c:\program files\uninst-Echospace.exe i got the following :

VirSCAN.org Scanned Report :
Scanned time : 2008/12/21 23:57:56 (GMT)
Scanner results: 5% Scanner(2/39) found malware!
File Name : uninst-Echospace.exe
File Size : 36868 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 838ab40b73313313534b4289d2cb72b9
SHA1 : 895cac3b1173c3d8fec6298434175a1857752340
Online report : http://virscan.org/r...c74fd4de27.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081222063103 2008-12-22 3.10 -
AhnLab V3 2008.12.21.02 2008.12.21 2008-12-21 0.97 -
AntiVir 7.9.0.45 7.1.1.15 2008-12-21 1.66 -
Antiy 2.0.18 20081221.1879989 2008-12-21 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.24 -
Authentium 5.1.1 200812212152 2008-12-21 1.09 W32/Heuristic-400!Eldorado (Heuristic)
AVAST! 3.0.1 081221-0 2008-12-21 0.76 -
AVG 7.5.52.442 270.9.19/1860 2008-12-21 1.79 -
BitDefender 7.81008.2380286 7.22689 2008-12-22 2.24 -
CA (VET) 9.0.0.143 31.6.6271 2008-12-20 5.40 -
ClamAV 0.94.1 8787 2008-12-20 0.01 -
Comodo 3.0 793 2008-12-21 0.82 -
CP Secure 1.1.0.715 2008.12.20 2008-12-20 6.17 -
Dr.Web 4.44.0.9170 2008.12.21 2008-12-21 3.75 -
ewido 4.0.0.2 2008.12.21 2008-12-21 3.13 -
F-Prot 4.4.4.56 20081221 2008-12-21 1.09 Possible W32/Heuristic-400!Eldorado (not disinfectable)
F-Secure 5.51.6100 2008.12.21.02 2008-12-21 3.95 -
Fortinet 2.81-3.117 9.835 2008-12-21 0.20 -
GData 19.2029/19.153 20081221 2008-12-21 2.82 -
ViRobot 20081219 2008.12.19 2008-12-19 0.41 -
Ikarus T3.1.01.45 2008.12.21.72041 2008-12-21 3.77 -
JiangMin 11.0.706 11.0.706.. 11.0.706-- 1.41 -
Kaspersky 5.5.10 2008.12.21 2008-12-21 0.04 -
KingSoft 2008.9.8.18 2008.12.21.20 2008-12-21 0.57 -
McAfee 5.3.00 5471 2008-12-21 2.67 -
Microsoft 1.4205 2008.12.21 2008-12-21 3.99 -
mks_vir 2.01 2008.12.21 2008-12-21 2.64 -
Norman 5.93.01 5.93.00 2008-12-18 5.79 -
Panda 9.05.01 2008.12.21 2008-12-21 2.48 -
Trend Micro 8.700-1004 5.724.31 2008-12-21 0.03 -
Quick Heal 10.00 2008.12.20 2008-12-20 0.96 -
Rising 20.0 21.08.62.00 2008-12-21 0.85 -
Sophos 2.82.1 4.37 2008-12-22 1.88 -
Sunbelt 4754 4754 2008-12-10 0.83 -
Symantec 1.3.0.24 20081221.020 2008-12-21 0.05 -
nProtect 20081215.03 2773539 2008-12-15 3.67 -
The Hacker 6.3.1.2 v00195 2008-12-20 0.48 -
VBA32 3.12.8.10 20081221.0810 2008-12-21 1.50 -
VirusBuster 4.5.11.10 10.100.1/731735 2008-12-21 1.01 -

For the file c:\program files\uninst-Starglow.exe i got the following:

VirSCAN.org Scanned Report :
Scanned time : 2008/12/22 00:01:11 (GMT)
Scanner results: 5% Scanner(2/39) found malware!
File Name : uninst-Starglow.exe
File Size : 36868 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 073a8152cec53eaed4e169803626d495
SHA1 : 489f19c0aaad1dcd8128845aefe9d710c2ff1178
Online report : http://virscan.org/r...cca8c34d42.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081222063103 2008-12-22 3.09 -
AhnLab V3 2008.12.21.02 2008.12.21 2008-12-21 0.97 -
AntiVir 7.9.0.45 7.1.1.15 2008-12-21 1.67 -
Antiy 2.0.18 20081221.1879989 2008-12-21 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.24 -
Authentium 5.1.1 200812212152 2008-12-21 1.10 W32/Heuristic-400!Eldorado (Heuristic)
AVAST! 3.0.1 081221-0 2008-12-21 0.01 -
AVG 7.5.52.442 270.9.19/1860 2008-12-21 1.78 -
BitDefender 7.81008.2380286 7.22689 2008-12-22 2.24 -
CA (VET) 9.0.0.143 31.6.6271 2008-12-20 5.42 -
ClamAV 0.94.1 8787 2008-12-20 0.01 -
Comodo 3.0 793 2008-12-21 0.86 -
CP Secure 1.1.0.715 2008.12.20 2008-12-20 6.16 -
Dr.Web 4.44.0.9170 2008.12.21 2008-12-21 3.75 -
ewido 4.0.0.2 2008.12.21 2008-12-21 3.42 -
F-Prot 4.4.4.56 20081221 2008-12-21 1.09 Possible W32/Heuristic-400!Eldorado (not disinfectable)
F-Secure 5.51.6100 2008.12.21.02 2008-12-21 3.98 -
Fortinet 2.81-3.117 9.835 2008-12-21 0.18 -
GData 19.2029/19.153 20081221 2008-12-21 2.82 -
ViRobot 20081219 2008.12.19 2008-12-19 0.90 -
Ikarus T3.1.01.45 2008.12.21.72041 2008-12-21 3.73 -
JiangMin 11.0.706 11.0.706.. 11.0.706-- 1.39 -
Kaspersky 5.5.10 2008.12.21 2008-12-21 0.04 -
KingSoft 2008.9.8.18 2008.12.21.20 2008-12-21 0.57 -
McAfee 5.3.00 5471 2008-12-21 2.67 -
Microsoft 1.4205 2008.12.21 2008-12-21 4.10 -
mks_vir 2.01 2008.12.21 2008-12-21 2.78 -
Norman 5.93.01 5.93.00 2008-12-18 5.83 -
Panda 9.05.01 2008.12.21 2008-12-21 2.50 -
Trend Micro 8.700-1004 5.724.31 2008-12-21 0.03 -
Quick Heal 10.00 2008.12.20 2008-12-20 0.87 -
Rising 20.0 21.08.62.00 2008-12-21 1.04 -
Sophos 2.82.1 4.37 2008-12-22 1.88 -
Sunbelt 4754 4754 2008-12-10 0.85 -
Symantec 1.3.0.24 20081221.020 2008-12-21 0.05 -
nProtect 20081215.03 2773539 2008-12-15 3.42 -
The Hacker 6.3.1.2 v00195 2008-12-20 0.54 -
VBA32 3.12.8.10 20081221.0810 2008-12-21 1.50 -
VirusBuster 4.5.11.10 10.100.1/731735 2008-12-21 1.01 -

I will now do step 2 as you told me and give you the details in a bit.
thanks for the help so far.

EDIT: Windows updates have also started to work now. they are installing currently so will wait until they are complete to start step 2.

Edited by ace101, 21 December 2008 - 06:08 PM.

#17
ace101

Posted 21 December 2008 - 07:03 PM

Member

Topic Starter
Member
24 posts

combofix log:

ComboFix 08-12-20.05 - ADMIN 2008-12-22 0:28:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2461 [GMT 0:00]
Running from: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ADMIN\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\0B85437DDC.sys
c:\windows\SYSTEM32\A910C4817B.sys
c:\windows\SYSTEM32\DRIVERS\logiflt.iad
c:\windows\SYSTEM32\DRIVERS\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\0B85437DDC.sys
c:\windows\SYSTEM32\A910C4817B.sys
c:\windows\SYSTEM32\DRIVERS\logiflt.iad
c:\windows\SYSTEM32\DRIVERS\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 00:27 . 2008-12-22 00:36 <DIR> d-------- C:\ComboFix
2008-12-21 18:40 . 2008-12-21 18:41 <DIR> drahs---- C:\cmdcons
2008-12-21 01:05 . 2008-12-21 01:05 <DIR> d-------- C:\rsit
2008-12-21 01:05 . 2008-12-21 01:05 <DIR> d-------- C:\rsit
2008-12-20 12:58 . 2008-12-22 00:21 21,446 --a------ c:\windows\SYSTEM32\Config.MPF
2008-12-20 12:51 . 2008-12-20 12:51 <DIR> d-------- c:\program files\McAfee.com
2008-12-20 12:51 . 2008-12-22 00:19 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-20 12:51 . 2007-11-22 06:44 201,320 --a------ c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
2008-12-20 12:51 . 2007-07-13 06:20 113,952 --a------ c:\windows\SYSTEM32\DRIVERS\Mpfp.sys
2008-12-20 12:51 . 2007-11-22 06:44 79,304 --a------ c:\windows\SYSTEM32\DRIVERS\mfeavfk.sys
2008-12-20 12:51 . 2007-12-02 12:51 40,488 --a------ c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
2008-12-20 12:51 . 2007-11-22 06:44 35,240 --a------ c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
2008-12-20 12:51 . 2007-11-22 06:44 33,832 --a------ c:\windows\SYSTEM32\DRIVERS\mferkdk.sys
2008-12-20 12:49 . 2008-12-20 12:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg7
2008-12-12 16:13 . 2008-12-12 16:13 <DIR> d-------- c:\program files\Alwil Software
2008-11-29 14:40 . 2008-11-29 14:40 <DIR> d-------- c:\program files\iolo
2008-11-22 21:31 . 2008-11-29 14:53 <DIR> d-------- c:\program files\Common Files\LogiShrd
2008-11-22 21:31 . 2008-11-22 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-22 21:29 . 2008-11-29 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-11-22 20:51 . 2008-04-13 19:45 60,032 --a------ c:\windows\SYSTEM32\DRIVERS\USBAUDIO.sys
2008-11-22 20:51 . 2008-04-13 19:45 60,032 --a------ c:\windows\SYSTEM32\DLLCACHE\usbaudio.sys
2008-11-22 20:51 . 2008-04-14 01:12 20,992 --a------ c:\windows\SYSTEM32\dshowext.ax
2008-11-22 20:51 . 2008-04-14 01:12 20,992 --a------ c:\windows\SYSTEM32\DLLCACHE\dshowext.ax
2008-11-22 09:36 . 2006-11-10 10:54 61,600 -ra------ c:\windows\SYSTEM32\DRIVERS\SE2Cbus.sys
2008-11-22 09:36 . 2006-11-10 10:54 5,872 -ra------ c:\windows\SYSTEM32\DRIVERS\SE2Cwhnt.sys
2008-11-22 09:36 . 2006-11-10 10:54 5,872 -ra------ c:\windows\SYSTEM32\DRIVERS\SE2Cwh.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-12-22 00:16 --------- d-----w c:\program files\LogMeIn
2008-12-22 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 20:53 --------- d-----w c:\program files\McAfee
2008-12-20 12:52 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-20 12:49 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-18 19:41 --------- d--h--w c:\documents and settings\ADMIN\Application Data\IFViewer
2008-12-17 19:53 --------- d-----w c:\program files\Dl_cats
2008-12-12 20:25 --------- d-----w c:\program files\Flash EXE Builder 1.0
2008-11-29 15:27 --------- d-----w c:\program files\Corel
2008-11-29 15:27 --------- d-----w c:\program files\Common Files\Corel
2008-11-29 15:18 --------- d-----w c:\program files\Macromedia
2008-11-29 15:18 --------- d-----w c:\program files\Common Files\Macromedia
2008-11-29 14:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 14:53 --------- d-----w c:\program files\Logitech
2008-11-29 14:42 --------- d-----w c:\documents and settings\ADMIN\Application Data\iolo
2008-11-29 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-11-21 17:03 --------- d-----w c:\program files\WAV to MP3 Encoder
2008-11-20 23:17 --------- d-----w c:\program files\Trend Micro
2008-11-20 17:34 --------- d-----w c:\program files\Rapidown
2008-11-20 17:34 --------- d-----w c:\program files\MP3 Stream Creator
2008-11-16 19:19 --------- d-----w c:\documents and settings\ADMIN\Application Data\Azureus
2008-11-16 19:17 --------- d-----w c:\program files\Azureus
2008-11-16 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-11-16 19:14 27,904 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-16 19:08 --------- d--h--w c:\documents and settings\ADMIN\Application Data\FVSTemp
2008-11-16 19:04 --------- d--h--w c:\documents and settings\ADMIN\Application Data\IFBuilder
2008-11-16 17:44 --------- d-----w c:\program files\Chameleon Flash Pro edition
2008-11-15 00:35 --------- d-----w c:\program files\DivX
2008-11-01 18:01 --------- d-----w c:\program files\XoftSpySE
2008-11-01 13:15 --------- d-----w c:\program files\Vimicro
2008-10-28 23:18 --------- d-----w c:\program files\Java
2008-10-28 22:30 --------- d-----w c:\program files\Kontiki
2008-10-28 22:30 --------- d-----w c:\program files\Channel4
2008-10-28 22:29 --------- d-----w c:\documents and settings\All Users\Application Data\Channel4
2008-10-28 17:30 --------- d-----w c:\program files\Diskeeper Corporation
2008-10-28 17:30 --------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 12:28 --------- d-----w c:\program files\Microsoft Silverlight
2008-01-26 22:26 2,025 ----a-w c:\program files\tcshineppro.log
2008-01-26 22:03 36,868 ----a-w c:\program files\uninst-Echospace.exe
2008-01-26 21:54 36,868 ----a-w c:\program files\uninst-Starglow.exe
2008-01-26 15:17 3,920 ----a-w c:\program files\mbsuite21.log
2008-01-26 15:16 6,844 ----a-w c:\program files\mbsuite20.log
2007-04-16 23:31 87,608 ----a-w c:\documents and settings\ADMIN\Application Data\ezpinst.exe
2007-04-16 23:31 47,360 ----a-w c:\documents and settings\ADMIN\Application Data\pcouffin.sys
2007-04-08 13:27 56 --sha-w c:\documents and settings\All Users\Application Data\dc64vg9.sys
2006-09-02 11:53 836 ----a-w c:\documents and settings\ADMIN\Application Data\ViewerApp.dat
2006-07-15 17:19 24,192 ----a-w c:\documents and settings\ADMIN\usbsermptxp.sys
2006-07-15 17:19 22,768 ----a-w c:\documents and settings\ADMIN\usbsermpt.sys
2006-05-03 17:22 114,545,029 ----a-w c:\documents and settings\ADMIN\Tom Tom 5 Mobile.zip
2006-04-28 22:06 650,880 ----a-w c:\documents and settings\ADMIN\Desktop.zip
2003-11-03 17:07 499,712 ----a-w c:\program files\msvcp71.dll
2003-11-03 17:07 348,160 ----a-w c:\program files\msvcr71.dll
2003-05-30 09:22 344,064 ----a-r c:\program files\msvcr70.dll
2002-01-05 03:40 487,424 ----a-w c:\program files\msvcp70.dll
2008-04-14 00:12 50,688 --sha-w c:\windows\twain_32.dll
2008-09-08 21:11 6,840 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-04-14 00:11 1,028,096 --sha-w c:\windows\SYSTEM32\mfc42.dll
2008-04-14 00:12 57,344 --sha-w c:\windows\SYSTEM32\msvcirt.dll
2008-04-14 00:12 413,696 --sha-w c:\windows\SYSTEM32\msvcp60.dll
2008-04-14 00:12 343,040 --sha-w c:\windows\SYSTEM32\msvcrt.dll
2008-04-14 00:12 551,936 --sha-w c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 84,992 --sha-w c:\windows\SYSTEM32\olepro32.dll
2008-04-14 00:12 11,776 --sha-w c:\windows\SYSTEM32\regsvr32.exe
2008-09-04 17:59 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-21_19.17.42.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-11-13 17:02:00 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-22 00:14:11 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-11-13 17:11:00 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-22 00:14:00 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 17:11:00 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-22 00:14:01 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 17:11:00 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-22 00:14:00 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-13 17:11:00 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-22 00:14:00 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-13 17:11:00 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-22 00:14:01 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 17:11:00 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-22 00:14:01 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 17:11:00 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-22 00:14:01 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 17:11:00 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-22 00:14:00 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 17:11:00 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-22 00:14:00 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 17:11:00 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-22 00:14:01 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 17:11:00 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-22 00:14:01 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 17:11:00 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-22 00:14:00 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\SYSTEM32\advpack.dll
- 2008-09-04 18:02:23 16,384 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2008-12-22 00:23:32 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2008-09-04 18:02:23 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-22 00:23:45 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-04 18:02:23 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-22 00:23:45 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-26 07:24:28 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-23 12:36:14 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2008-08-25 08:37:59 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-08-25 08:38:00 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
- 2008-08-23 05:56:15 635,848 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
+ 2008-10-15 07:06:26 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2006-10-18 20:03:58 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-04-14 00:12:07 246,814 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2008-08-26 07:24:30 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-08-26 07:24:31 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\SYSTEM32\extmgr.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\SYSTEM32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\SYSTEM32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\SYSTEM32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\SYSTEM32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\SYSTEM32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\SYSTEM32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\SYSTEM32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\SYSTEM32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\SYSTEM32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\SYSTEM32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\SYSTEM32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\SYSTEM32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\SYSTEM32\jsproxy.dll
- 2006-10-18 20:03:58 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\SYSTEM32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\SYSTEM32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\SYSTEM32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\SYSTEM32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\SYSTEM32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\SYSTEM32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\SYSTEM32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\SYSTEM32\pngfilt.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\SYSTEM32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\SYSTEM32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\SYSTEM32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\SYSTEM32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\SYSTEM32\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\SYSTEM32\WMVCore.dll
+ 2008-12-22 00:21:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a8.dat
+ 2008-12-22 00:18:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c0.dat
+ 2008-12-22 00:18:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2005-02-16 81920]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"AsioReg"="CTASIO.DLL" [2003-02-20 c:\windows\SYSTEM32\CTASIO.DLL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-27 18:14 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\ADMIN\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^VirtualExpander.lnk]
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2008-04-21 12:38 684032 c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 06:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 04:46 378224 c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
--a------ 2005-08-05 14:15 61440 c:\windows\VM305_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50]
--a------ 2008-04-21 12:38 131157 c:\progra~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 05:33 122941 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 22:58 133104 c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 14:31 63048 c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 17:38 987187 c:\program files\WinCustomize\LogonStudio\LogonStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 08:25 1828136 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTV 300i Antenna Power]
--a------ 2005-07-06 19:09 90112 c:\program files\Pinnacle\Shared Files\drivers\Tools\PCTV 300i Antenna Power.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-10 14:26 406016 c:\windows\SYSTEM32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--a------ 2006-04-27 15:47 65536 c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
--a------ 2007-01-30 10:30 94208 c:\program files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-02-20 13:06 741376 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-02-20 16:45 28672 c:\windows\SYSTEM32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Java\\jre1.5.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dlcccoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dlccPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\XoftSpySE\\XoftSpy.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\helpctr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"54321:TCP"= 54321:TCP:Azureus
"54321:UDP"= 54321:UDP:Azureus
"51414:TCP"= 51414:TCP:Limwire
"41952:TCP"= 41952:TCP:Media server
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:*:Disabled:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:*:Disabled:Adobe Version Cue CS4 Server

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys []
R2 Cepstral License Server;Cepstral License Server;"c:\program files\Cepstral\bin\CepstralLicSrv.exe" [2007-08-21 57344]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-29 595824]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-29 595824]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-09-01 45848]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-02-28 827008]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2006-09-17 14095]
R3 pctvnet;Pinnacle PCTV Ethernet Driver;c:\windows\system32\DRIVERS\pctvnet.sys [2006-02-28 9340]
S2 0045221229892902mcinstcleanup;McAfee Application Installer Cleanup (0045221229892902);c:\windows\TEMP\004522~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2005-03-15 277504]
S2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2005-02-06 265512]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\BTTUNER.sys [2005-02-06 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.sys [2005-02-06 13308]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;"c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [2008-08-15 284016]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\Drivers\avera800.sys [2006-01-21 41600]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-12-21 219264]
S3 HDR1USB;Nokia Music Player HDR-1™;c:\windows\system32\Drivers\hdr1usb.sys [2001-06-01 19008]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-01-22 33792]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-16 27904]
S3 ramirr;ramirr;c:\windows\system32\DRIVERS\ramirr.sys []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2008-05-24 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2008-05-24 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2008-05-24 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2008-05-24 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2008-05-24 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2008-05-24 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2008-05-24 90800]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2007-10-17 392316]
S4 LMIRfsClientNP;LMIRfsClientNP; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8b5438-7dc3-11dd-8f07-00308d000000}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{655b9aee-d39d-11d9-a96a-0090d0b47572}]
\Shell\AutoRun\command - FlashDrive

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce201ed9-5bf3-11dd-8ed8-00308d000000}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

*Newly Created Service* - 0045221229892902MCINSTCLEANUP
*Newly Created Service* - MCPROXY
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:58]

2008-12-20 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2008-04-14 00:12]

2008-12-20 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-12-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-10-07 01:55]

2008-07-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-10-07 01:55]

2008-12-22 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]

2008-12-01 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com -
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 00:35:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-12-22 0:51:12
ComboFix-quarantined-files.txt 2008-12-22 00:51:04
ComboFix2.txt 2008-12-21 19:18:29

Pre-Run: 65,829,171,200 bytes free
Post-Run: 65,810,173,952 bytes free

595 --- E O F --- 2008-12-22 00:14:11

#18
ace101

Posted 21 December 2008 - 07:05 PM

Member

Topic Starter
Member
24 posts

New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:25 AM, on 22-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {08829741-43FC-4ADB-90E2-9F980695253B} (Data_Version_Check.RegProcs) - http://www.hadleyhea...rsion_Check.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CB960A-5419-4539-B401-B9C1BED697BB}: NameServer = 90.207.238.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: McAfee Application Installer Cleanup (0045221229892902) (0045221229892902mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\004522~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15244 bytes

#19
Jimmy2012

Posted 21 December 2008 - 07:25 PM

Trusted Helper

Retired Staff
6,238 posts

Hello ace101,

Windows updates have also started to work now

That's good to hear.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\uninst-Echospace.exe
c:\program files\uninst-Starglow.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

#20
ace101

Posted 22 December 2008 - 07:54 AM

Member

Topic Starter
Member
24 posts

Hi, I did the combofix as you asked but was unable to get the log at the end of it, as it did give me one and there is none in the c:\.
I went back to that virus-scan site after combofix and it said unable to upload file so I'm assuming that it must be gone now.

Here is the latest hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {08829741-43FC-4ADB-90E2-9F980695253B} (Data_Version_Check.RegProcs) - http://www.hadleyhea...rsion_Check.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CB960A-5419-4539-B401-B9C1BED697BB}: NameServer = 90.207.238.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: McAfee Application Installer Cleanup (0204031229947937) (0204031229947937mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\020403~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15064 bytes

#21
Jimmy2012

Posted 22 December 2008 - 01:53 PM

Trusted Helper

Retired Staff
6,238 posts

Hello ace101,

but was unable to get the log at the end of it, as it did give me one and there is none in the c:\.
I went back to that virus-scan site after combofix and it said unable to upload file so I'm assuming that it must be gone now.

That's no problem, like you said they are gone.

STEP 1
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

STEP 2
Please do an online scan with Kaspersky WebScanner

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#22
ace101

Posted 23 December 2008 - 03:45 AM

Member

Topic Starter
Member
24 posts

The Malwarebytes log:

Malwarebytes' Anti-Malware 1.31
Database version: 1533
Windows 5.1.2600 Service Pack 3

22/12/2008 10:24:44 PM
mbam-log-2008-12-22 (22-24-44).txt

Scan type: Quick Scan
Objects scanned: 77907
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\a (Trojan.Agent) -> Delete on reboot.

The Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 20:52:41
Records in database: 1501730
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 414247
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 07:39:48

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69BE3CEA.exe Infected: not-a-virus:AdWare.Win32.2Search.p 1
C:\Documents and Settings\ADMIN\Desktop\Shared Folder\boilsoft avi to dvd converter_ShareAccelerator.zip Infected: not-a-virus:AdWare.Win32.Shopper.am 1

The selected area was scanned.

#23
Jimmy2012

Posted 23 December 2008 - 12:20 PM

Trusted Helper

Retired Staff
6,238 posts

Hello ace101,

Please download the OTMoveIt3 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
explorer.exe

:Files
C:\Documents and Settings\ADMIN\Desktop\Shared Folder\boilsoft avi to dvd converter_ShareAccelerator.zip

:Commands
[purity]
[start explorer]
[Reboot]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
~~~~~~~~~~~~
In your next reply please have these logs/info.
The OTMoveIt3 log
And please tell me how your computer is running

#24
ace101

Posted 23 December 2008 - 12:42 PM

Member

Topic Starter
Member
24 posts

Hello,

Here is the OTMoveIt3 log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\ADMIN\Desktop\Shared Folder\boilsoft avi to dvd converter_ShareAccelerator.zip moved successfully.
========== COMMANDS ==========
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_182551

The pc was running fine until today, were these popup kept on opening so I did a scan in that program you sent me Malwarebytes' Anti-Malware 1.31. And this was able to get rid of them, since the scan the pc has been running fine, let me add the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.31
Database version: 1535
Windows 5.1.2600 Service Pack 3

23/12/2008 4:06:56 PM
mbam-log-2008-12-23 (16-06-56).txt

Scan type: Quick Scan
Objects scanned: 78484
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\ffxymhmm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tuvVOFwT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\cbXOGXRh.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cea8d0d-684c-4a70-a51b-edd0b51c500c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8cea8d0d-684c-4a70-a51b-edd0b51c500c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxogxrh (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8cea8d0d-684c-4a70-a51b-edd0b51c500c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68eedd17 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvofwt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvofwt -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\ADMIN\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\tuvVOFwT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TwFOVvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TwFOVvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ffxymhmm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mmhmyxff.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cbXOGXRh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\ADMIN\Local Settings\temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\0IEY2UGZ\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\ADMIN\Local Settings\Temporary Internet Files\Content.IE5\NQY0UMIF\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\rqRiHwXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

after this I reset the pc and did another scan with the same program and in that scan it found nothing.

Thanks for the help.

#25
Jimmy2012

Posted 23 December 2008 - 01:20 PM

Trusted Helper

Retired Staff
6,238 posts

Hello ace101,

Please post a new HijackThis log in your next reply, lets make sure there is nothing else there.

#26
ace101

Posted 23 December 2008 - 01:22 PM

Member

Topic Starter
Member
24 posts

Hi, below is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:36 PM, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {bea0bb49-b3a6-9549-e104-433632a67f45} - {54f76a23-6334-401e-9459-6a3b94bb0aeb} - C:\WINDOWS\system32\zaflsp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {08829741-43FC-4ADB-90E2-9F980695253B} (Data_Version_Check.RegProcs) - http://www.hadleyhea...rsion_Check.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CB960A-5419-4539-B401-B9C1BED697BB}: NameServer = 90.207.238.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0150511230056676) (0150511230056676mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015051~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15515 bytes

#27
Jimmy2012

Posted 23 December 2008 - 01:31 PM

Trusted Helper

Retired Staff
6,238 posts

Hello ace101,
Please delete ComboFix.exe and do the following.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt and a new HijackThis log in your next reply for further review.

#28
ace101

Posted 23 December 2008 - 01:35 PM

Member

Topic Starter
Member
24 posts

Hello ace101,
Please delete ComboFix.exe and do the following.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt and a new HijackThis log in your next reply for further review.

Hi, do you want me to delete combofix from the c:\ ?

#29
Jimmy2012

Posted 23 December 2008 - 01:39 PM

Trusted Helper

Retired Staff
6,238 posts

Hello ace101,

Nope, just ComboFix.exe on your Desktop.

Edited by Jimmy2012, 23 December 2008 - 01:39 PM.

#30
ace101

Posted 23 December 2008 - 02:35 PM

Member

Topic Starter
Member
24 posts

Hello ace101,

Nope, just ComboFix.exe on your Desktop.

Hi, ok done that, but I can't see any log at C:\ComboFix.txt ?

Here is the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:30 PM, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {bea0bb49-b3a6-9549-e104-433632a67f45} - {54f76a23-6334-401e-9459-6a3b94bb0aeb} - C:\WINDOWS\system32\zaflsp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ADMIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {08829741-43FC-4ADB-90E2-9F980695253B} (Data_Version_Check.RegProcs) - http://www.hadleyhea...rsion_Check.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.5.1.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish...shUKActivia.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...SS.cab69309.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-uk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88CB960A-5419-4539-B401-B9C1BED697BB}: NameServer = 90.207.238.99
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0150511230056676) (0150511230056676mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015051~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 15515 bytes