Welcome to Geeks to Go - Register now for FREE


Been HiJacked!


#1
md6597

I have a bunch of things popping up at me all the time on ZAPro. If I shut it off, then my system goes kinda screwy. I have used Spybot S & D, Adaware SE, ewido, Trojan Hunter, ZAPro Anti Spyware, I have NAV installed and updated, and AVG. As far as these programs say my system is malware free... This is my last resort, any help would be appreciated.


Hijack This Log...

Logfile of HijackThis v1.99.1
Scan saved at 6:46:07 PM, on 10/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\BAITHI~1\INTRAN~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fgimvfkuc...rZlyh_PLW6R.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.simxwqkfn...Ru6Ds5kpBU.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Netpenny - It Just Makes Cents!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.48.218.178:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: XBTB00429 - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - C:\PROGRA~1\CRAMTO~1\untitled.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D62D7CD2-732A-7D32-6758-E428CA940E06} - C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1\first ace.exe
O2 - BHO: (no name) - {EE9289C2-96BA-E306-348F-6B8D05BB151F} - C:\DOCUME~1\Matthew\APPLIC~1\PEAKWARN\DeadDebug.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [*javas] C:\WINDOWS\Fonts\javas.exe
O4 - HKLM\..\Run: [*cabac] C:\WINDOWS\inf\cabac.exe
O4 - HKLM\..\Run: [*logms] C:\WINDOWS\Cursors\logms.exe
O4 - HKLM\..\Run: [*cabfont] C:\WINDOWS\security\Database\cabfont.exe
O4 - HKLM\..\Run: [*ftpbak] C:\WINDOWS\ftpbak.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Matthew\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {63C4C187-E23F-4A20-898C-62CAF22335F8} (WatchOCX.WatchX) - http://members.hu-ni...tv/WatchOCX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122174609004
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.21/ttinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: bw+0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: doseula - C:\DOCUME~1\Matthew\LOCALS~1\Temp\aluesod.dat (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Here is my ewido scan report....

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:43:37 PM, 09/09/2005
+ Report-Checksum: B1C3F6

+ Scan result:

HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\ATLEvents.ATLEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98BC949B-3D81-4750-836F-4BC57BD032EE} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{84D08759-079A-43DE-9D0D-0BFACE83B4D2} -> Spyware.iMatchup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8A21BDC6-1EFB-48BC-AD76-D1DF95D34FB3} -> Spyware.iMatchup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CED91B4B-9850-4601-A0A0-EC41A155E2D5} -> Spyware.iMatchup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F7B91BD4-2325-47E1-8EBD-AA4262C577A5} -> Spyware.iMatchup : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F7B91BD4-2325-47E1-8EBD-AA4262C577A5} -> Spyware.iMatchup : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98BC949B-3D81-4750-836F-4BC57BD032EE} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F96FB7-8AF6-439B-B7BA-2F952F9E4800} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57E69D5A-6539-4D7D-9637-775DE8A385B4} -> Spyware.Xupiter : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{60112085-E1CE-4E0E-823A-EBB1AD98804C} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68132581-10F2-416E-B188-4E648075325A} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109AF33-6949-4833-8881-43DCC232B7B2} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98BC949B-3D81-4750-836F-4BC57BD032EE} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F32F8ECD-6CF3-459D-82F2-9738392C85A8} -> Spyware.VirtuMonde : Cleaned with backup
HKU\S-1-5-21-793999233-2915903831-1203752577-1005\Software\Traffix -> Spyware.iMatchup : Cleaned with backup
[1548] C:\WINDOWS\system32\csmrs.exe -> Trojan.Boxed.s : Cleaned with backup
[1640] C:\WINDOWS\System\CSRSS.EXE -> Backdoor.Robobot.af : Cleaned with backup
[1700] C:\WINDOWS\System\msveup.exe -> Worm.AllocUp.c : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.344:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.347:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.512:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.526:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.527:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\default.yc8\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\default.yc8\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\default.yc8\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\default.yc8\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\default.yc8\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\default.yc8\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\Application Data\rxctvjt.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\Application Data\vgoxmkp.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\Application Data\xstxmeehktr.exe -> TrojanDownloader.FunWeb : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@e-2dj6wjk4skazecq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Matthew\Cookies\matthew@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Matthew\Desktop\crack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Matthew\Desktop\NM_PaletteTool.exe -> Backdoor.Wootbot.z : Cleaned with backup
C:\Program Files\KaZaA Lite\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\addins\avhard.exe -> TrojanDownloader.Agent.l : Cleaned with backup
C:\WINDOWS\AppPatch\keyps.exe -> TrojanDownloader.Agent.l : Cleaned with backup
C:\WINDOWS\Config\dllvga.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\Config\svcplay.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Cursors\playkb.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\Fonts\cfax.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\java\classes\libras.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\java\mfckb.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\Registration\pccab.exe -> Spyware.VirtuMonde : Cleaned with backup
C:\WINDOWS\security\logs\abrmc.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\ServicePackFiles\infoexp.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\system32\ctts.exe -> TrojanSpy.VBStat.a : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts.backup -> Trojan.Qhost : Cleaned with backup
C:\WINDOWS\Tasks\ftpmfc.exe -> Trojan.Vundo : Cleaned with backup
C:\WINDOWS\Tasks\mainvss.exe -> Trojan.Vundo : Cleaned with backup


::Report End


#2
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3
md6597

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hi Sam, thanks! I need all the help I can get. Below is my fresh log...

Logfile of HijackThis v1.99.1
Scan saved at 10:22:12 AM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wisptis.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.terpdrwzh...bZlyh_PLW6R.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtdovjjtn...dRu6Ds5kpBU.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Netpenny - It Just Makes Cents!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.48.218.178:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: XBTB00429 - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - C:\PROGRA~1\CRAMTO~1\untitled.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D62D7CD2-732A-7D32-6758-E428CA940E06} - C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1\SHOW HOLD.exe
O2 - BHO: (no name) - {EE9289C2-96BA-E306-348F-6B8D05BB151F} - C:\DOCUME~1\Matthew\APPLIC~1\PEAKWARN\DeadDebug.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [*javas] C:\WINDOWS\Fonts\javas.exe
O4 - HKLM\..\Run: [*cabac] C:\WINDOWS\inf\cabac.exe
O4 - HKLM\..\Run: [*logms] C:\WINDOWS\Cursors\logms.exe
O4 - HKLM\..\Run: [*cabfont] C:\WINDOWS\security\Database\cabfont.exe
O4 - HKLM\..\Run: [*ftpbak] C:\WINDOWS\ftpbak.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [rule locks book ford] C:\Documents and Settings\All Users\Application Data\bait hide rule locks\error type.exe
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [procburn] C:\DOCUME~1\Matthew\APPLIC~1\JUNKBA~1\Delete Else.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Matthew\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {63C4C187-E23F-4A20-898C-62CAF22335F8} (WatchOCX.WatchX) - http://members.hu-ni...tv/WatchOCX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122174609004
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.21/ttinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: bw+0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: doseula - C:\DOCUME~1\Matthew\LOCALS~1\Temp\aluesod.dat (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#4
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please follow these steps:
  • Please make sure that you can View Hidden Files
    • Click Start -> My Computer
    • Select Tools -> Folder options
    • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
    • Also make sure that 'Display the contents of system folders' is checked.
    • For more info on how to show hidden files click here.


  • Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.terpdrwzh...bZlyh_PLW6R.jpg
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vtdovjjtn...dRu6Ds5kpBU.jsp
    R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll
    O2 - BHO: XBTB00429 - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - C:\PROGRA~1\CRAMTO~1\untitled.dll
    O2 - BHO: (no name) - {D62D7CD2-732A-7D32-6758-E428CA940E06} - C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1\SHOW HOLD.exe
    O2 - BHO: (no name) - {EE9289C2-96BA-E306-348F-6B8D05BB151F} - C:\DOCUME~1\Matthew\APPLIC~1\PEAKWARN\DeadDebug.exe
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\Cram Toolbar\untitled.dll
    O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
    O4 - HKLM\..\Run: [*javas] C:\WINDOWS\Fonts\javas.exe
    O4 - HKLM\..\Run: [*cabac] C:\WINDOWS\inf\cabac.exe
    O4 - HKLM\..\Run: [*logms] C:\WINDOWS\Cursors\logms.exe
    O4 - HKLM\..\Run: [*cabfont] C:\WINDOWS\security\Database\cabfont.exe
    O4 - HKLM\..\Run: [*ftpbak] C:\WINDOWS\ftpbak.exe
    O4 - HKLM\..\Run: [rule locks book ford] C:\Documents and Settings\All Users\Application Data\bait hide rule locks\error type.exe
    O4 - HKCU\..\Run: [procburn] C:\DOCUME~1\Matthew\APPLIC~1\JUNKBA~1\Delete Else.exe
    O18 - Protocol: bw+0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {25E3C0AD-4EC7-47AF-97E0-2133C06E3272} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: doseula - C:\DOCUME~1\Matthew\LOCALS~1\Temp\aluesod.dat (file missing)

  • Please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
    • If you have trouble getting into Safe mode go here for more info.

  • Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):


    C:\WINDOWS\WindowsUpd4.exe
    C:\WINDOWS\Fonts\javas.exe
    C:\WINDOWS\inf\cabac.exe
    C:\WINDOWS\Cursors\logms.exe
    C:\WINDOWS\security\Database\cabfont.exe
    C:\WINDOWS\ftpbak.exe
    C:\Documents and Settings\All Users\Application Data\bait hide rule locks <-- delete this folder
    C:\DOCUME~1\Matthew\APPLIC~1\JUNKBA~1 <-- delete this folder
    C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1 <-- delete this folder
    C:\DOCUME~1\Matthew\APPLIC~1\PEAKWARN <-- delete this folder
    C:\Program Files\Cram Toolbar <-- delete this folder
Reboot your computer to go back to normal mode.


Please run Panda Online Virus Scan
  • You must allow the active-x control to run when asked.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.
Reboot and post a new hijackthis log and the info from your virus scan.
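The fix list above is the product of a few triage rules that a malware helper applies by eye: autoruns launched from Windows data folders (Fonts, inf, Cursors, security\Database) or dropped straight into %WINDIR%, BHOs and toolbars that point at an .exe instead of a COM DLL, a Winlogon Notify package living in Temp, orphaned entries marked "(file missing)" or "(no file)", and the Lop-style random-dictionary-word folder and file names under Application Data. The script below is an added example, not code from this thread or from HijackThis, that applies those rules to raw HijackThis lines so the same log can be screened mechanically. The sample lines are copied from the logs in this thread (the ProxyServer entry is the kind that shows up in the poster's follow-up log, and a public-IP proxy is flagged because it silently relays all of IE's traffic); the function names, the data-folder list and the heuristics themselves are my own assumptions.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a handful of HijackThis lines copied from the logs in this
# thread (entries the helper said to fix, plus a few legitimate ones for contrast).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.48.218.178:80
O2 - BHO: (no name) - {D62D7CD2-732A-7D32-6758-E428CA940E06} - C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1\SHOW HOLD.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [*WindowsUpd4] C:\WINDOWS\WindowsUpd4.exe
O4 - HKLM\..\Run: [*javas] C:\WINDOWS\Fonts\javas.exe
O4 - HKLM\..\Run: [rule locks book ford] C:\Documents and Settings\All Users\Application Data\bait hide rule locks\error type.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: doseula - C:\DOCUME~1\Matthew\LOCALS~1\Temp\aluesod.dat (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


class Finding(NamedTuple):
    section: str          # HijackThis section code, e.g. O4
    target: str           # file path or setting value the entry points at
    reasons: List[str]    # why it was flagged


# A Windows file path ending in an extension HijackThis entries usually carry.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|dat|ocx|cpl|sys)\b", re.IGNORECASE)
IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
# %WINDIR% subfolders that hold data, never programs (assumed list): an autorun
# pointing here (Fonts, inf, Cursors, security\Database in the log) is a red flag.
WINDIR_DATA_DIRS = {"fonts", "inf", "cursors", "security", "temp"}


def _windir_reason(low_path: str) -> Optional[str]:
    m = re.match(r"c:\\windows\\(.+)$", low_path)
    if not m:
        return None
    parts = m.group(1).split("\\")
    if len(parts) == 1:
        return "executable dropped directly into %WINDIR%"
    if parts[0] in WINDIR_DATA_DIRS:
        return "autorun from a Windows data folder (%s)" % parts[0]
    return None


def _appdata_reason(path: str) -> Optional[str]:
    low = path.lower()
    if "application data\\" not in low and "\\applic~1\\" not in low:
        return None
    # Lop-family droppers name their folder and executable with random
    # dictionary words ("bait hide rule locks\error type.exe").
    parent, name = path.split("\\")[-2:]
    if " " in parent or " " in name:
        return "multi-word folder/file name under Application Data (Lop-style)"
    return None


def analyse_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if nothing looks wrong."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" ", 1)[0]
    reasons: List[str] = []

    # R1 ProxyServer: a proxy forced to a public IP silently relays all IE traffic.
    if section == "R1" and "proxyserver" in line.lower():
        target = line.split("=", 1)[1].strip()
        ip = IPV4.search(target)
        if ip and ipaddress.ip_address(ip.group(1)).is_global:
            reasons.append("IE proxy forced through external host %s" % ip.group(1))
        return Finding(section, target, reasons) if reasons else None

    m = WIN_PATH.search(line)
    target = m.group(0) if m else line.rsplit(" - ", 1)[-1]
    low = target.lower()

    if "(file missing)" in line or "(no file)" in line:
        reasons.append("orphaned entry: target no longer exists")
    if section in ("O2", "O3") and low.endswith(".exe"):
        reasons.append("BHO/toolbar registered as an .exe (these are COM DLLs)")
    if section == "O4":
        r = _windir_reason(low)
        if r:
            reasons.append(r)
    if section == "O20" and ("\\temp\\" in low or not low.endswith(".dll")):
        reasons.append("Winlogon Notify package in Temp or not a DLL")
    r = _appdata_reason(target)
    if r:
        reasons.append(r)
    return Finding(section, target, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Run analyse_line over a whole log and keep only the flagged entries."""
    return [f for f in (analyse_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s" % (f.section, f.target))
        for reason in f.reasons:
            print("       - " + reason)
```

Run it against a full log and the output is the candidate fix list; the legitimate Norton, ZoneAlarm and Symantec entries in the sample pass through untouched, while all seven hijack entries come back with a reason attached. The heuristics are deliberately conservative (a path has to sit in a known data folder, carry the wrong extension, be orphaned, or use the multi-word naming pattern), so anything they miss still needs the manual read the helper did above.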
#5
md6597

    New Member

  • Topic Starter
  • Member
  • 4 posts
Completed Steps... Logs below...

Logfile of HijackThis v1.99.1
Scan saved at 5:55:34 PM, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mfelwgjjf...7Zlyh_PLW6R.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netpenny.net/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Netpenny - It Just Makes Cents!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=200.48.218.178:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D62D7CD2-732A-7D32-6758-E428CA940E06} - C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1\first ace.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Documents and Settings\Matthew\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: HushEncryptionEngine - https://mailserver1....ptionEngine.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct0_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {63C4C187-E23F-4A20-898C-62CAF22335F8} (WatchOCX.WatchX) - http://members.hu-ni...tv/WatchOCX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122174609004
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.21/ttinst.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

------------

Active Scan Log...

Incident Status Location

Adware:adware/gator No disinfected C:\GatorPatch.log
Adware:adware/comet No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART\Bike Cool.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART\Browsemfcd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART\forooze.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART\team fast.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART\test bias.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART\WmaSoft.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\jjvifauj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\jzagorkj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\lbhelahr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\ldxaksky.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\lovebowschin.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\opvzzgho.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\Plus Hope Comp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\pxrvsnhu.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\rukaagdr.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\uidiaifg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\wzyfvptp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\ytpxbxfc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Application Data\Film stop log\znxjvwkz.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\1128dc6b.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\1173aba3.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\11bab823.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\11cd86a3.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\125e6498.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\1261725d.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\1470d7eb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\1f8f07.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\211f8e.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\269d94.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\314499a.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\3dc0.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\4321538.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\4b0b5b.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\9219cb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\a5e6ba.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\c806962e.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\c8069de4.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\ca972d90.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\cd2cf668.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\cd2dd444.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\dxuuudco.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\e6eaa95.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\ecf4db.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\fc57fdb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\kvfuzinh.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\kytoyifv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\mvvoohca.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\sta4B7.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\sta6B.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\vlnmvyzj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\xsnzhvjq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Matthew\Local Settings\Temp\yorrvfgb.exe
Adware:Adware/Lop No disinfected C:\HJT\backups\backup-20051012-103652-299.dll
Adware:Adware/AbxSearch No disinfected C:\HJT\backups\backup-20051012-103652-924.dll
Virus:Trj/Qhost.gen Disinfected C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0
Virus:Trj/Qhost.gen Disinfected C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0.tmp
Adware:Adware/Comet No disinfected C:\WINDOWS\system32\comet.inf
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050816-000046.backup
Virus:W32/Dedler.AE.worm Disinfected C:\WINDOWS\system32\sd32c.exe
Adware:Adware/CWS No disinfected C:\WINDOWS\system32\svcmn.dll
#6
Buckeye_Sam

    Malware Expert

  • 10,019 posts
Please delete these files that Panda found, but didn't get rid of for us.

C:\GatorPatch.log
C:\WINDOWS\system32\comet.inf
C:\WINDOWS\system32\sd32c.exe
C:\WINDOWS\system32\svcmn.dll

Now I need to see a different type of log from HijackThis so we can get rid of your LOP infection.

Open HijackThis and click "Open the Misc Tools section".
Next to "Generate StartupList log", place a check next to "List also minor sections (full)" and "List empty sections (complete)".
Then click "Generate StartupList log".
Click "Yes" to the box that pops up.
Then copy and paste the Notepad text that appears into this topic.
#7
md6597

    New Member

  • Topic Starter
  • 4 posts
StartupList report, 10/14/2005, 8:18:34 AM
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Matthew\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

srePostpone = rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

[Setup]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
(no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\DOCUME~1\Matthew\APPLIC~1\DRIVEB~1\first ace.exe (file missing) - {D62D7CD2-732A-7D32-6758-E428CA940E06}

--------------------------------------------------

Enumerating Task Scheduler jobs:

3BE2D0DA9A69C1F6.job
BD72D8F085EE50E8.job
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[HushEncryptionEngine]
CODEBASE = https://mailserver1....ptionEngine.cab
OSD = C:\WINDOWS\Downloaded Program Files\HushEncryptionEngine.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Yahoo! Chat]
CODEBASE = http://us.chat1.yimg...t/c381/chat.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Chat.osd

[Yahoo! Chess]
CODEBASE = http://download.game...nts/y/ct0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Chess.osd

[Yahoo! Euchre]
CODEBASE = http://download.game...nts/y/et0_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Euchre.osd

[Yahoo! Pool 2]
CODEBASE = http://download.game...ts/y/potb_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[{00000075-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...86/voxmsdec.CAB

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...ry/msgrchkr.cab

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = http://support.chart...oad/tgctlcm.cab

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.micros...tes/ieawsdc.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://active.macrom...tor/cabs/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...MineSweeper.cab

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.com...kup/qdiagcc.cab

[WatchOCX.WatchX]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WatchOCX.ocx
CODEBASE = http://members.hu-ni...tv/WatchOCX.CAB

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1122174609004

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...StatsClient.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8256.5075115741

[SassCln Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.../20/SassCln.CAB

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[YAddBook Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
CODEBASE = http://us.dl1.yimg.c...utocomplete.cab

[Toontown Installer ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ttinst.dll
CODEBASE = http://download.toon...3.21/ttinst.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://sc.groups.msn...UC/MsnPUpld.cab

[Java Plug-in 1.4.1_02]
InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[NPX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\npx.ocx
CODEBASE = http://kr.pristontal...protect/npx.cab

[{D1ACD2D8-7312-4D06-BECD-90EB094D2277}]
CODEBASE = http://mediaplayer.w...ler/install.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/...s/msnchat45.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zon...ireShowdown.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Network Redirector: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys (autostart)
basic2: System32\DRIVERS\basic2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Cnxtdiag: System32\DRIVERS\cnxtdiag.sys (autostart)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)
DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
dcptp: system32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Satellite USB Driver: System32\DRIVERS\dpcnet5u.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Exportit: system32\DRIVERS\exportit.sys (system)
NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver: System32\DRIVERS\FA312nd5.sys (manual start)
Fallback: System32\DRIVERS\fallback.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\fsksnt.sys (autostart)
Absolute USB Serial Converter Driver: system32\drivers\ftdibus.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Absolute USB Loader Port Driver: system32\drivers\ftser2k.sys (manual start)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
giveio: \??\C:\WINDOWS\System32\giveio.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimFP5: System32\DRIVERS\wADV07nt.sys (manual start)
iAimFP6: System32\DRIVERS\wADV08nt.sys (manual start)
iAimFP7: System32\DRIVERS\wADV09nt.sys (manual start)
iAimFP8: System32\DRIVERS\wADV11nt.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
iAimTV5: System32\DRIVERS\wATV10nt.sys (manual start)
iAimTV6: System32\DRIVERS\wATV06nt.sys (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
InCDPass: System32\DRIVERS\InCDPass.sys (system)
InCD Helper: C:\Program Files\Ahead\InCD\InCDsrv.exe (autostart)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\k56nt.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051012.017\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051012.017\NavEx15.Sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Motorola iDEN P2k Device: system32\DRIVERS\P2k.sys (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Logitech QuickCam Express(PID_0920): System32\DRIVERS\LV532AV.SYS (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\rksample.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Dual Mode Camera (8008 VGA): system32\DRIVERS\sndp202.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
SoftFax: System32\DRIVERS\faxnt.sys (autostart)
Micro WebCam: System32\DRIVERS\SPCA508A.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F36D09CD-D108-4A24-ADE5-A4AF066231A8} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (disabled)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\tonesnt.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
Motorola USB Modem Driver: system32\DRIVERS\usbser.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\v124nt.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (disabled)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 41,576 bytes
Report generated in 0.579 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#8
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Open notepad and copy and paste this text in it:
%systemdrive%
cd C:\WINDOWS\Tasks
rem the two .job files are hidden/system, so clear those attributes before del
attrib -r -s -h 3BE2D0DA9A69C1F6.job
del 3BE2D0DA9A69C1F6.job
attrib -r -s -h BD72D8F085EE50E8.job
del BD72D8F085EE50E8.job
rem Windows XP has no deltree; rmdir /s /q removes a folder tree without prompting,
rem and the paths must be quoted because they contain spaces
rmdir /s /q "C:\Documents and Settings\All Users\Application Data\MEOW PLAY SOFTWARE DART"
rmdir /s /q "C:\Documents and Settings\Matthew\Application Data\Film stop log"

Save this as remjob.bat, choosing "All Files" as the file type, and place it on your desktop.

Double-click on remjob.bat. A DOS window will open and close again; this is normal.



Delete your temp files
  • Navigate to the C:\Windows\Temp folder.
    • Open the Temp folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Navigate to the C:\Windows\Prefetch folder.
    • Open the Prefetch folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Run and type %temp% in the Run box.
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the Delete key on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Control Panel -> Internet Options.
    • Select the General tab
    • Under "Temporary Internet Files" click "Delete Files".
    • Put a check by "Delete Offline Content" and click OK.
    • Click on the Programs tab, then click the "Reset Web Settings" button.
    • Click Apply, then OK.
  • Empty the Recycle Bin.


Reboot and run a new scan with Panda. Post the log from Panda and a new hijackthis log in your next reply.
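The service and driver list earlier in the thread is the kind of StartupList output a helper reads by hand to spot odd autoruns. As an added triage aid (not from the forum post, HijackThis or StartupList themselves), the Python below parses lines of that format and lists autostart/system entries whose executable sits outside the Windows and Program Files trees. The trusted roots, the C:\WINDOWS location assumed for bare System32 paths, and the final sample line (a placeholder name and path) are assumptions, not values from the log.

```python
import re

# Added example, not from the forum post. Parses StartupList service/driver lines:
#   <display name>: <image path and arguments> (<start mode>)
LINE_RE = re.compile(r"^(?P<name>.+?): (?P<cmd>.+) \((?P<mode>[^()]+)\)$")
# Assumed install roots for this machine (Windows XP on C:, as the log shows).
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\PROGRAM FILES\\", "C:\\PROGRA~1\\")

def parse_line(line):
    """Return (name, command, start_mode), or None if the line is not an entry."""
    m = LINE_RE.match(line.strip())
    return (m["name"], m["cmd"], m["mode"]) if m else None

def image_path(cmd):
    """Executable path from a command, absolute and upper-cased. Bare
    System32 paths are assumed to sit under C:\\WINDOWS."""
    if cmd.startswith('"'):                       # quoted path: take up to the closing quote
        exe = cmd[1:cmd.index('"', 1)]
    else:                                         # unquoted: cut at the first -k / -service / /V argument
        exe = re.split(r" [-/]", cmd, maxsplit=1)[0]
    exe = exe.replace("\\??\\", "")               # kernel-style \??\C:\... prefix
    exe = re.sub(r"^(%systemroot%|\\SystemRoot)", lambda _: "C:\\WINDOWS", exe, flags=re.I)
    if not re.match(r"^[A-Za-z]:\\", exe):        # relative, e.g. System32\DRIVERS\foo.sys
        exe = "C:\\WINDOWS\\" + exe
    return exe.upper()

def flag_entries(lines):
    """[(name, path)] for autostart/system entries outside the trusted roots.
    These are review candidates, not verdicts: a hit means 'look at this one'."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry[2] in ("autostart", "system"):
            path = image_path(entry[1])
            if not path.startswith(TRUSTED_ROOTS):
                flagged.append((entry[0], path))
    return flagged

# Constructed sample: the first lines are copied from the log above; the last one
# is invented (placeholder name and path) to show what a hit looks like.
SAMPLE = [
    "InCD Helper: C:\\Program Files\\Ahead\\InCD\\InCDsrv.exe (autostart)",
    'Norton AntiVirus Auto Protect Service: "C:\\Program Files\\Norton AntiVirus\\navapsvc.exe" (autostart)',
    "NAVENG: \\??\\C:\\PROGRA~1\\COMMON~1\\SYMANT~1\\VIRUSD~1\\20051012.017\\NAVENG.Sys (manual start)",
    "Server: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)",
    "SYMTDI: \\SystemRoot\\System32\\Drivers\\SYMTDI.SYS (system)",
    "Example Updater: C:\\Documents and Settings\\Matthew\\Application Data\\Example\\updater.exe (autostart)",
]
```

Run `flag_entries(SAMPLE)` (or feed it the full pasted list) and only the constructed "Example Updater" line comes back, because everything copied from the log resolves under C:\WINDOWS or Program Files.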