Avira antivirus program finds the trojans but cannot move, rename or delete them. I tried to remove the clbcatex32.dll in safe mode but it keeps coming back. Any ideas on what to do about these buggers?
Here are the HJT, ComboFix and MBAM logs... THANKS!
ComboFix 08-12-29.01 - 2.4ghz of fury 2008-12-29 21:24:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.207 [GMT -5:00]
Running from: c:\documents and settings\2.4ghz of fury\Desktop\LOGS\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\2.4ghz of fury\Application Data\020000002883faca509C.manifest
c:\documents and settings\2.4ghz of fury\Application Data\020000002883faca509O.manifest
c:\documents and settings\2.4ghz of fury\Application Data\020000002883faca509P.manifest
c:\documents and settings\2.4ghz of fury\Application Data\020000002883faca509S.manifest
c:\program files\outlook
c:\windows\fnts~1
c:\windows\fnts~1\BLUEPD__.TTF
c:\windows\GnuHashes.ini
c:\windows\pppatc~1
c:\windows\system32\bang-006.ico
c:\windows\system32\bszip.dll
c:\windows\system32\grouppolicy\machine\scripts\scripts.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
c:\windows\system32\hjkkj.bak2
c:\windows\system32\nqstv.bak1
c:\windows\system32\nqstv.bak2
c:\windows\system32\nqstv.ini
c:\windows\system32\nqstv.ini2
c:\windows\system32\nqstv.tmp
c:\windows\system32\pqtwa.bak1
c:\windows\system32\pqtwa.bak2
c:\windows\system32\pqtwa.ini
c:\windows\system32\rqstv.bak1
c:\windows\system32\rqstv.bak2
c:\windows\system32\rqstv.ini
c:\windows\system32\scurit~1
c:\windows\system32\scurit~1\s?curity\
c:\windows\system32\wycdd.bak1
c:\windows\system32\wycdd.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
28980-02-05 05:28 . 28980-02-05 05:28 3,120 --a------ c:\windows\system32\JIPE1H35.ocx
28980-02-05 05:28 . 28980-02-05 05:28 3,120 --a------ c:\windows\O498NP3Q.ocx
28980-02-05 05:28 . 28980-02-05 05:28 3,120 --a------ c:\windows\6459SFL2.ocx
2008-12-29 21:30 . 2008-12-29 21:31 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-12-29 21:30 . 2008-12-29 21:30 373,760 --ahs---- c:\windows\system32\2.tmp
2008-12-29 18:23 . 2008-12-29 18:23 <DIR> d-------- c:\program files\CCleaner
2008-12-29 17:19 . 2008-12-29 17:21 35,328 --ahs---- c:\windows\Thumbs.db
2008-12-29 16:49 . 2008-12-29 16:49 <DIR> d-------- c:\program files\Avira
2008-12-29 16:49 . 2008-12-29 16:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-28 19:57 . 2008-12-28 20:00 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 18:31 . 2008-12-28 18:31 <DIR> d-------- c:\program files\Panda Security
2008-12-28 18:31 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:58 . 2008-12-28 17:58 <DIR> d-------- c:\documents and settings\2.4ghz of fury\Application Data\Malwarebytes
2008-12-28 17:58 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:58 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 12:15 . 2008-12-27 12:15 373,760 --ahs---- c:\windows\system32\6E.tmp
2008-12-27 12:15 . 2008-12-29 17:19 135,168 --a------ c:\windows\system32\clbcatex32.VIR000
2008-12-27 12:15 . 2008-12-29 17:05 135,168 --a------ c:\windows\system32\clbcatex32.VIR
2008-12-27 12:15 . 2008-12-29 21:17 135,168 --a------ c:\windows\system32\clbcatex32.dll
2008-12-27 10:58 . 2008-12-27 10:58 <DIR> d-------- c:\program files\LimeWire
2008-12-27 10:58 . 2008-12-27 13:16 <DIR> d-------- c:\documents and settings\2.4ghz of fury\Application Data\LimeWire
2008-12-25 15:24 . 2008-12-25 15:24 <DIR> d-------- c:\program files\iTunes
2008-12-25 15:24 . 2008-12-25 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 15:21 . 2008-12-25 15:22 <DIR> d-------- c:\program files\QuickTime
2008-12-22 17:46 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2008-12-22 17:46 . 2008-12-22 17:46 <DIR> d-------- c:\program files\AIM Toolbar
2008-12-22 17:46 . 2008-12-22 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-12-22 17:45 . 2008-12-22 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-01 09:01 . 2008-11-01 09:01 <DIR> d-------- c:\documents and settings\2.4ghz of fury\Application Data\Media Player Classic
2008-11-01 09:00 . 2008-11-01 09:00 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-01 09:00 . 2008-09-15 19:14 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-01 09:00 . 2008-09-24 13:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-11-01 09:00 . 2008-01-10 07:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-01 09:00 . 2004-01-25 11:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-01 09:00 . 2008-01-10 07:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-01 09:00 . 2007-09-20 19:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-11-01 09:00 . 2008-09-15 19:12 81,920 --a------ c:\windows\system32\dpl100.dll
2008-11-01 09:00 . 2008-06-12 13:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-01 09:00 . 2007-07-10 11:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-01 09:00 . 2008-10-03 07:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-01 09:00 . 2008-07-30 14:09 38 --a------ c:\windows\avisplitter.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 01:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 01:44 --------- d-----w c:\program files\NoAdware4
2008-12-28 02:50 --------- d-----w c:\program files\HP
2008-12-27 15:55 --------- d-----w c:\documents and settings\2.4ghz of fury\Application Data\Shareaza
2008-12-25 20:26 --------- d-----w c:\program files\Apple Software Update
2008-12-25 20:24 --------- d-----w c:\program files\iPod
2008-12-22 22:46 --------- d-----w c:\program files\AIM6
2008-12-22 22:44 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-29 20:32 --------- d-----w c:\documents and settings\2.4ghz of fury\Application Data\U3
2008-10-30 10:11 --------- d-----w c:\documents and settings\2.4ghz of fury\Application Data\uTorrent
2004-01-02 18:22 92,464 ----a-w c:\documents and settings\2.4ghz of fury\Application Data\GDIPFONTCACHEV1.DAT
1999-04-23 22:22 12 --sha-w c:\windows\system\WININETICMP32.drv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-03-06 90182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SiSPower"="SiSPower.dll" [2006-03-09 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 c:\windows\SOUNDMAN.EXE]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-12 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Auto run of VideoCam Suite 1.0.lnk - c:\program files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe [2008-05-12 161160]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2003-10-10 262144]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\MSN Gaming Zone\vile.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\24778b94509]
2008-12-29 21:17 135168 c:\windows\system32\clbcatex32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\prefetch.bat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
?????????? [?]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
?????????? [?]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\explorer.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-28 28544]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-30 24652]
R3 rdsdrv;rdsdrv;c:\windows\system32\DRIVERS\rdsdrv.sys [2003-12-18 1162]
R3 TNET1130;802.11 WLAN;c:\windows\system32\DRIVERS\tnet1130.sys [2004-12-01 438912]
S IT iona_services.naming.scott MyDomain;IT iona_services.naming.scott MyDomain; []
S IT iona_services.node_daemon.scott MyDomain;IT iona_services.node_daemon.scott MyDomain; []
S4 Borrow;Borrow;d:\ideas\sec\lmgrd.exe []
S4 IT iona_services.config_rep.scott cfr-MyDomain;IT iona_services.config_rep.scott cfr-MyDomain;"d:\ideas\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe" -ORBproduct_dir "d:\ideas\Iona\OrbixE2A" -ORBlicense_file "d:\ideas\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "d:\ideas\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "d:\ideas\Iona\OrbixE2A\etc\domains" -ORBdomain_name cfr-MyDomain -ORBname iona_services.config_rep.scott -plugin=config_rep it_jump_start []
S4 IT iona_services.locator.scott MyDomain;IT iona_services.locator.scott MyDomain;"d:\ideas\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe" -ORBproduct_dir "d:\ideas\Iona\OrbixE2A" -ORBlicense_file "d:\ideas\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "d:\ideas\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "d:\ideas\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.locator.scott -plugin=locator it_jump_start []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03d4086-87d8-11dd-9a77-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-17 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1189994748.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe []
2008-12-26 c:\windows\Tasks\{06EA61A2-0163-4EBD-B0D9-3BD1E1A82F02}_SCOTT_2.4ghz of fury.job
- c:\windows\system32\mobsync.exe [2004-08-04 02:56]
2008-12-26 c:\windows\Tasks\{CF2C674C-BA47-4136-8012-CD3C01C4A72E}_SCOTT_2.4ghz of fury.job
- c:\windows\system32\mobsync.exe [2004-08-04 02:56]
2008-12-29 c:\windows\Tasks\{D4C9CDCD-E33B-4243-BB6B-2A4600D57D86}_SCOTT_2.4ghz of fury.job
- c:\windows\system32\mobsync.exe [2004-08-04 02:56]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-DXDllRegExe - dxdllreg.exe
.
------- Supplementary Scan -------
.
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: locator.cdn.imageservr.com
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {266B9238-31A5-4B53-9039-272FE846DF9D} - hxxp://www.sis.com/download/SISTransfer.cab
c:\windows\Downloaded Program Files\SISTransfer.inf
c:\windows\Downloaded Program Files\Pixami Upload Control.ocx - c:\windows\Downloaded Program Files\DragDropUploadUI.ocx
O16 -: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1}
hxxp://www.photoworks.com/pixami/DragDropUploader.cab
c:\windows\Downloaded Program Files\DragDropUploader.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 21:30:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\GroupPolicy000.dat 0 bytes
c:\windows\system32\GroupPolicyManifest
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\System32\clbcatex32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-29 21:34:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-30 02:34:50
Pre-Run: 25,772,277,760 bytes free
Post-Run: 25,761,783,808 bytes free
251 --- E O F --- 2007-07-08 17:43:55
When first running MBAM, it found a trojan named 2.tmp. I attempted to remove it, rebooted, and re-ran MBAM as shown here:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2
12/29/2008 10:03:49 PM
mbam-log-2008-12-29 (22-03-49).txt
Scan type: Quick Scan
Objects scanned: 54940
Time elapsed: 11 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:32 PM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/d...SISTransfer.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1183823893890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183823884015
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photowork...ropUploader.cab
O20 - Winlogon Notify: 24778b94509 - C:\WINDOWS\System32\clbcatex32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\vile.html
O24 - Desktop Component 1: (no name) - http://tickers.ticke.../ad75/event.png
--
End of file - 9532 bytes