
Infected with Trojan-Downloader.Win32, etc. [Closed]

This topic is locked.

#1 dinz (New Member, 9 posts)
Hello there, my system is heavily infected with Trojans. When I reboot, I get the error message "Cannot open volume for direct access" and the computer declares the disk checked. The desktop is lost and all the threats cannot be disinfected.

By the way, I'm running Windows XP Professional Version 2002 SP2.

I really need some help to resolve this.

As directed, I have performed the following steps.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/31/2007 at 06:42 AM

Application Version : 3.9.1008

Core Rules Database Version : 3333
Trace Rules Database Version: 1334

Scan type : Complete Scan
Total Scan Time : 01:21:37

Memory items scanned : 375
Memory threats detected : 1
Registry items scanned : 7515
Registry threats detected : 17
File items scanned : 62848
File threats detected : 5

Trojan.Net-Spoo1v
C:\WINDOWS\SYSTEM32\SPOO1V.EXE
C:\WINDOWS\SYSTEM32\SPOO1V.EXE

Trojan.Sino-sos/LPK
HKLM\Software\Classes\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}\InprocServer32
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}\InprocServer32#ThreadingModel
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}\ProgID
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}\Programmable
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}\TypeLib
HKCR\CLSID\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\WBDICS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
HKCR\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
HKCR\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
HKCR\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}\InprocServer32
HKCR\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}\InprocServer32#ThreadingModel
HKCR\CLSID\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}\TypeLib
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}

Trojan.Downloader-Sino/QQ
C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011945.DLL

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@thinkmedia[1].txt

---------------------------------------------------------------------------------------------------------

Logfile of Spyware Terminator v2.0.0.194 (db:1.0.996.756)
Scan Time: 10/31/2007 4:04:28 AM length: 1696 s
Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
User: Admin
Boot Mode: Safe
Scan type: Full_Spyware_Scan
Scanned Objects: 91756 (Critical:126)
Filter: No System items, No Safe items, No Invalid items

Running Processes
ZcfgSvc.exe [Intel Corporation] : C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft....k/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://client.jogo.c...esearch-en.html
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://client.jogo.c...msearch-en.html
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - [Pando] : C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
02 - BHO: CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - : C:\Program Files\Common Files\CPUSH\cpush0.dll
02 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - [Pando Networks] : C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
02 - BHO: Invoke Class - {3AA0903B-1E13-4865-B114-15792D413C41} - : C:\WINDOWS\system32\c671.dll
02 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - [??????????(CNNIC)] : C:\Program Files\OCINS\ieaux.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - [Google Inc.] : C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
02 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - [Pando] : C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

Toolbars
03 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - [Pando] : C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SPYWATCH : [BulletProofSoft.com] : C:\Program Files\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SPYWATCH.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Pando : [Pando Networks] : C:\Program Files\PANDO NETWORKS\PANDO\PANDO.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Active Desktop Calendar : [XemiComputers ltd.] : C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, swg : [Google Inc.] : C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, hnu29 : [Microsoft Corporation] : C:\WINDOWS\Downloaded Program Files\hnu29.dll
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IdnSvr : [?????????(CNNIC)] : C:\Program Files\OCINS\idnsvr.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WMAAD : [Sony Corporation] : C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, VC7Player : [H+H Software GmbH] : C:\Program Files\HHVcdV7Sys\VC7Play.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System : : C:\Program Files\Common Files\system\Updaterun.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LoadFujitsuQuickTouch : [FUJITSU LIMITED] : C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LoadBtnHnd : [FUJITSU LIMITED] : C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IndicatorUtility : [FUJITSU LIMITED] : C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fix-It AV : [V Communications, Inc.] : C:\Program Files\VCOM\SystemSuite\MemCheck.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, EOUApp : [Intel Corporation] : C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ASM : [AOL LLC] : C:\Program Files\AOL\ACTIVE SECURITY MONITOR\ASMONITOR.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVP : [Kaspersky Lab] : C:\Program Files\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 7.0\AVP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, txqgyi57 : : C:\WINDOWS\system32\TXQGYI57.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, drdhs : : C:\WINDOWS\system32\DRDHS.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, wnn74 : : C:\WINDOWS\system32\WNN74.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\LSDELETE.EXE
04 - Startup: %START_PROGRAMSALL%\Startup\Adobe Acrobat Speed Launcher.lnk : C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

Shell Extensions
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
dBpShell Class - {FED7043D-346A-414D-ACD7-550D052499A7} - : C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
dMCIShell Class - {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - : C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
Shell Extension for CDRW - {950FF917-7A57-46BC-8017-59D9BF474000} - [Ahead Software AG] : C:\Program Files\Ahead\InCD\incdshx.dll
Microsoft Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
- {42042206-2D85-11D3-8CFF-005004838597} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll
Acrobat Elements Context Menu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - [Adobe Systems Inc.] : C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
Image Converter context menu - {C6643EC0-49AC-4c15-A455-04104DB900A9} - : C:\Program Files\Sony\IMAGE CONVERTER 3\CtxMenu.dll
Web Anti-Virus statistics - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

Protocol Filters
- {807553E5-5146-11D5-A672-00B0D022E945} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

Protocol Handler
Data Page Plugable Protocal mso-offdap11 Handler - {32505114-5902-49B2-880A-1F7738E5A384} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL

Services
23 - : C:\WINDOWS\system32\DRIVERS\adcyn7.sys
23 - [Broadcom Corporation] : C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23 - : C:\WINDOWS\system32\DRIVERS\bhxcer41.sys
23 - [O2 Micro] : C:\WINDOWS\system32\drivers\o2mmb.sys
23 - [FUJITSU LIMITED] : C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\iaStor.sys
23 - : C:\WINDOWS\system32\DRIVERS\iokpky.sys
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\iwca.sys
23 - : C:\WINDOWS\system32\DRIVERS\kbbhw.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\klim5.sys
23 - : C:\WINDOWS\system32\drivers\msqmx.sys
23 - : C:\WINDOWS\system32\DRIVERS\qcgrwj19.sys
23 - : C:\WINDOWS\system32\DRIVERS\sdbig.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\Drivers\Teefer.sys
23 - : C:\WINDOWS\system32\DRIVERS\txqgyi57.sys
23 - [Intel® Corporation] : C:\WINDOWS\system32\DRIVERS\w29n51.sys
23 - [Sygate Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\WPSDRVNT.SYS
23 - : C:\WINDOWS\system32\DRIVERS\wwarvj43.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent, DLLName : [ATI Technologies Inc.] : C:\WINDOWS\system32\Ati2evxx.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless, DLLName : [Intel Corporation] : C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon, DLLName : [Kaspersky Lab] : C:\WINDOWS\system32\klogon.dll

Thread Files
<Adware CDN> [?????????(CNNIC)] : C:\Program Files\OCINS\idnsvr.exe
<Trojan/Back-IRC.Zapchast> : C:\Program Files\Common Files\system\Updaterun.exe
<Unreadable Binary Files> : C:\WINDOWS\system32\DRDHS.DLL
<Unreadable Binary Files> : C:\WINDOWS\system32\WNN74.DLL
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\ieaux.dll
<AdWare.W32.Cinmus> : C:\WINDOWS\system32\DRIVERS\ACPIDISK.SYS
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\adcyn7.sys
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\bhxcer41.sys
<Adware CDN> [??????????(CNNIC)] : C:\WINDOWS\system32\drivers\cnprov.sys
<Trojan/Dloader.Agent.ELI> : C:\WINDOWS\system32\DRIVERS\FU8B.SYS
<Adware CDN> [??????????(CNNIC)] : C:\WINDOWS\system32\drivers\idnaux.sys
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\iokpky.sys
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\kbbhw.sys
<Trojan/QQHelp-Gen> : C:\WINDOWS\system32\drivers\msqmx.sys
<Trojan/w32.RetRCT.PDR> : C:\WINDOWS\system32\DRIVERS\MXDISPDR.SYS
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\qcgrwj19.sys
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\sdbig.sys
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\txqgyi57.sys
<Unreadable Binary Files> : C:\WINDOWS\system32\DRIVERS\wwarvj43.sys
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\uninstall.exe
<Trojan/QQHelp-Gen> : C:\WINDOWS\system32\advport.dll
<Adware CDN> : C:\WINDOWS\system32\cdnprh.dll
<Adware CDN> [??????????(CNNIC)] : C:\WINDOWS\system32\idnreg.dll
<MediaPass> : C:\WINDOWS\system32\ide21201.vxd
<Trojan/QQHelp-Gen> : C:\WINDOWS\system32\Score.txt
<Trojan/QQHelp-Gen> : C:\WINDOWS\system32\wbem\ocmor.dll
<Trojan/Back-IRC.Zapchast> : C:\WINDOWS\f2.exe
<Trojan/Back-IRC.Zapchast> : C:\WINDOWS\g3.exe
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\austr.dll
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\cndsv.dll
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\cnprovh.dll
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\config.exe
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\convf.dll
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\convs.dll
<Adware CDN> [?????????(CNNIC)] : C:\Program Files\OCINS\idnsvr.dll
<Adware CDN> [??????????(CNNIC)] : C:\Program Files\OCINS\srchsp.dll
<Adware CDN> [??????????] : C:\Program Files\OCINS\update\update.exe
<Adware CDN> : C:\Program Files\OCINS\cnrbtn.html
<Adware CDN> : C:\Program Files\OCINS\cnstc.ini
<Adware CDN> : C:\Program Files\OCINS\ctrcfg.ini
<Adware CDN> : C:\Program Files\OCINS\cuscfg.dat
<Adware CDN> : C:\Program Files\OCINS\idnaux.dat
<Adware CDN> : C:\Program Files\OCINS\kwacs.dat
<Adware CDN> : C:\Program Files\OCINS\kwrep.dat
<Adware CDN> : C:\Program Files\OCINS\ocinfo.dat
<Adware CDN> : C:\Program Files\OCINS\path.dat
<Adware CDN> : C:\Program Files\OCINS\usrcfg.ini
<Adware CDN> : C:\Program Files\OCINS\version.dat
<Adware CDN> : C:\Program Files\OCINS\update\data.cab
<Adware CDN> : C:\Program Files\OCINS\update\data2.cab
<Adware CDN> : C:\Program Files\OCINS\update\idnaux.dat
<Adware CDN> : C:\Program Files\OCINS\update\ocinfo.dat
<Adware CDN> : C:\Program Files\OCINS\update\path.dat
<Adware CDN> : C:\Program Files\OCINS\update\version.dat
<Trojan/Dloader.Adload.CHN> : C:\Documents and Settings\All Users\Application Data\t\a1613.dat
<Trojan/Dloader.Adload.CHN> : C:\Documents and Settings\All Users\Application Data\t\b1613.dat
<Trojan/Dloader.Adload.CHN> : C:\Documents and Settings\All Users\Application Data\t\k1613.dat
<Trojan/Dloader.Adload.CHN> : C:\Documents and Settings\All Users\Application Data\t\p1613.dat
<Trojan/Dloader.Adload.CHN> : C:\Documents and Settings\All Users\Application Data\t\r1613.dat
<Trojan/Dloader.Agent.ELI> : C:\Documents and Settings\All Users\Templates\temp.exe
<Zwinky-MWS> : C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
<AdWare.W32.Cinmus.PCT> [???(??)??????] : C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
<Trojan.Agent.adv> : C:\Documents and Settings\Kaven\sd.exe
<Trojan.Agent.adv> [Microsoft Corporation] : C:\Program Files\Common Files\Error Report\svdll.dll

--------------------------------------------------------------------------------------------------------------------------
LOGFILE Kaspersky Internet Security 7.0

Scan My Computer : completed

Scanned: 384867
Detected: 104
Untreated: 104
Start time: 10/31/2007 7:31:20 AM
Duration: 01:27:34
Finish time: 10/31/2007 8:58:54 AM


Detected

Status Object

detected: adware not-a-virus:AdWare.Win32.AdHelper.eb File: c:\windows\system32\xfoep.dll//PE_Patch
detected: Trojan program Trojan-Downloader.Win32.Agent.dix File: c:\windows\system32\drivers\adcyn7.sys
detected: Trojan program Trojan.Win32.BHO.gn File: c:\windows\system32\drivers\iokpky.sys
detected: Trojan program Trojan-Downloader.Win32.Agent.bbb File: c:\windows\system32\drivers\kbbhw.sys
detected: Trojan program Trojan.Win32.Agent.abe File: c:\windows\system32\drivers\qcgrwj19.sys
detected: Trojan program Trojan.Win32.Agent.bps File: c:\windows\system32\drivers\txqgyi57.sys
detected: Trojan program Trojan.Win32.BHO.dg File: c:\windows\system32\drivers\wwarvj43.sys
detected: Trojan program Backdoor.Win32.Agent.cgg File: c:\windows\system32\shdocvw32.dll
detected: Trojan program Trojan.Win32.Agent.bpt File: C:\WINDOWS\system32\txqgyi57.dll
detected: Trojan program Trojan.Win32.Agent.bkk File: c:\windows\system32\wuxztt.dll
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP11\A0007932.dll
detected: Trojan program Trojan.Win32.StartPage.apb File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP11\A0007933.SYS
detected: adware not-a-virus:AdWare.Win32.BHO.jd File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP11\A0007934.DLL
detected: Trojan program Trojan.Win32.Agent.adv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP11\A0007935.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.dvu File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP11\A0007936.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP11\A0007937.EXE
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0007971.DLL
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adn File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0007972.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0007973.EXE
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0007974.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0007975.EXE
detected: Trojan program Trojan.Win32.Agent.adv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008906.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.dvu File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008907.EXE
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adf File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008908.DLL//PE_Patch
detected: Trojan program Trojan-Downloader.Win32.Agent.dix File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008909.SYS
detected: Trojan program Trojan.Win32.StartPage.apb File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008910.SYS
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008911.DLL//UPack
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008912.DLL
detected: adware not-a-virus:AdWare.Win32.BHO.jd File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008914.DLL
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008915.EXE
detected: Trojan program Trojan-Dropper.Win32.Agent.cbc File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP12\A0008916.EXE
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP13\A0008922.DLL
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP13\A0008923.EXE
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0008945.DLL
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adn File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0008946.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0008947.EXE
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0008948.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0008949.EXE
detected: Trojan program Trojan.Win32.Agent.adv File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011908.exe//data.rar/svdll.dll
detected: Trojan program Trojan.Win32.Agent.adv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011909.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.dvu File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011910.EXE
detected: Trojan program Trojan-Downloader.Win32.Agent.bbb File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011911.EXE
detected: Trojan program Trojan.Win32.StartPage.apb File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011912.EXE
detected: Trojan program Trojan-Downloader.Win32.Agent.dix File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011913.SYS
detected: Trojan program Trojan-Dropper.Win32.Agent.cbc File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011914.EXE
detected: adware not-a-virus:AdWare.Win32.BHO.jd File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011918.DLL
detected: adware not-a-virus:AdWare.Win32.Cinmus.d File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011920.DLL
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adf File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011941.DLL//PE_Patch
detected: Trojan program Trojan.Win32.StartPage.apb File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011942.SYS
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011953.DLL//UPack
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011954.DLL
detected: Trojan program Trojan-Downloader.Win32.QQHelper.afk File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011955.DLL
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adn File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011956.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011957.EXE
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011958.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP14\A0011959.EXE
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011961.DLL
detected: Trojan program Trojan-Downloader.Win32.QQHelper.afk File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011963.DLL
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011964.DLL//UPack
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011965.EXE
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adn File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011966.EXE
detected: virus Worm.Win32.Agent.p File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011967.EXE
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011968.DLL//UPack
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\SYSTEM VOLUME INFORMATION\_RESTORE{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011969.EXE
detected: Trojan program Trojan-Downloader.Win32.Hmir.u File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011970.exe
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011973.exe
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011979.dll//UPack
detected: Trojan program Backdoor.Win32.Agent.cgg File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011980.dll
detected: Trojan program Trojan-Downloader.Win32.QQHelper.afk File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011981.dll
detected: virus Worm.Win32.Agent.p File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011982.exe
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adn File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011987.exe
detected: virus Worm.Win32.Agent.p File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011988.exe
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011989.exe
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\System Volume Information\_restore{24545FEF-B211-4ADD-BCD7-5B9C5DBE970B}\RP15\A0011990.dll//UPack
detected: Trojan program Trojan-Downloader.Win32.QQHelper.adn File: C:\Documents and Settings\Kaven\bind_50104.exe
detected: adware not-a-virus:AdWare.Win32.Cinmus.po File: C:\Documents and Settings\Kaven\dodolook020.exe//data0003//data0001
detected: adware not-a-virus:AdWare.Win32.Cinmus.j File: C:\Documents and Settings\Kaven\dodolook020.exe//data0003//data0004
detected: virus Worm.Win32.Agent.p File: C:\Documents and Settings\Kaven\ie.exe
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\Documents and Settings\Kaven\RGShell.dll//UPack
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\Documents and Settings\Kaven\spool.exe
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\Documents and Settings\Kaven\todd.exe//data.rar/RGShell.dll//UPack
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\Documents and Settings\Kaven\todd.exe//data.rar/spool.exe
detected: adware not-a-virus:AdWare.Win32.WSearch.aa File: C:\Documents and Settings\Kaven\Local Settings\Temp\cml204.tmp
detected: adware not-a-virus:AdWare.Win32.WSearch.aa File: C:\Documents and Settings\Kaven\Local Settings\Temp\cml26A.tmp
detected: adware not-a-virus:AdWare.Win32.WSearch.aa File: C:\Documents and Settings\Kaven\Local Settings\Temp\cml3E.tmp
detected: virus Worm.Win32.Agent.p File: C:\Program Files\Internet Explorer\iexp1ore.exe
detected: Trojan program Trojan-Downloader.Win32.Agent.ekz File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\AW7C88.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ecv File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\BUM105ZV.DLL
detected: adware not-a-virus:AdWare.Win32.Agent.mf File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\D2LEHM.DLL//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-Downloader.Win32.Agent.ecv File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\EF7M.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ekz File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\KQVVN.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ecv File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\MHC27H.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ebs File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\R5F51RM.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ekz File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\S7R9.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ecv File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\SFB.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ekz File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\XN3725E.DLL
detected: Trojan program Trojan-Downloader.Win32.Agent.ebs File: C:\WINDOWS\DOWNLOADED PROGRAM FILES\Z7R5AILD.DLL
detected: Trojan program Trojan.Win32.BHO.qi File: c:\windows\system32\apphelps.dll
detected: Trojan program Trojan-Downloader.Win32.Agent.bbb File: C:\WINDOWS\SYSTEM32\DRDHS.DLL
detected: Trojan program Trojan.Win32.Agent.abe File: C:\WINDOWS\system32\kbdics.dll
detected: Trojan program Trojan-Downloader.Win32.Hmir.u File: C:\WINDOWS\SYSTEM32\KE3HUM539S.EXE
detected: adware not-a-virus:AdWare.Win32.Agent.fv File: C:\WINDOWS\system32\RGShell.dll//UPack
detected: Trojan program Trojan-Downloader.Win32.Agent.dix File: C:\WINDOWS\system32\wnn74.dll
detected: Trojan program Trojan-Downloader.Win32.QQHelper.afk File: C:\WINDOWS\SYSTEM32\WBEM\BPTBL.DLL

-------------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:47:49 AM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\67751.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Kaven\Desktop\SECURITY N SYSTEM UTILITIES\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\regsvr32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.c...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.c...msearch-en.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: sosHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\wuxztt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL (file missing)
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Invoke Class - {3AA0903B-1E13-4865-B114-15792D413C41} - C:\WINDOWS\system32\c671.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [sdbig] %systemroot%\system32\regsvr32.exe /s %systemroot%\system32\apphelps.dll
O4 - HKLM\..\RunOnce: [qcgrwj19] %systemroot%\system32\regsvr32.exe /s %systemroot%\system32\kbdics.dll
O4 - HKLM\..\RunOnce: [drdhs] %systemroot%\system32\Rundll32.exe %systemroot%\system32\drdhs.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [iokpky] %systemroot%\system32\regsvr32.exe /s %systemroot%\system32\obcts.dll
O4 - HKLM\..\RunOnce: [bhxcer41] %systemroot%\system32\regsvr32.exe /s %systemroot%\system32\wbdics.dll
O4 - HKLM\..\RunOnce: [wnn74] %systemroot%\system32\Rundll32.exe %systemroot%\system32\wnn74.dll,DllUnregisterServer
O4 - HKCU\..\Run: [SPYWATCH] C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: WebControlDeploy - https://grouper.com/...rouperSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe

---------------------------------------------------------------------------------------------------------------------------

Hijackthis Uninstall List

Active Desktop Calendar 4.8
Active Security Monitor 2.0.0.18
Ad-Aware 2007
Adobe Acrobat 7.0.9 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9
Adobe Photoshop 6.0
Adobe Reader 7.0.8
Adobe SVG Viewer
Agere Systems AC'97 Modem
ATI Display Driver
AVS VideoConverter 3.1.1.152
CCleaner (remove only)
Crawler Toolbar with Web Security Guard
dBpowerAMP Monkeys Audio Codec
dBpowerAMP mp3PRO Input Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBPowerAMP Real Audio Encoder R3
dBpowerAMP VTX Codec
dBpowerAMP Winamp Codec
dBpowerAMP WMA V8 Codec
Diablo II
dMC Auxiliary Input
dMC File Selector
dMC Generic CLI Encoder
dMC mp3PRO (CLI) Encoder
dMC Power Pack
DSL100U USB ADSL Modem
eMule
FlashGet 1.9.6.1073
Form Fill (Windows Live Toolbar)
Fruity Loops Studio XXL 5.01
Fujitsu Hotkey Utility
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HouseCall 6.6
Image Converter 3
Intel® PROSet/Wireless Software
IsoBuster 1.5
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_10
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
Kaspersky Internet Security 7.0
Kaspersky Internet Security 7.0
K-Lite Codec Pack 2.49 Full
LifeBook Application Panel
LimeWire 4.13.2
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
mCore
mDriver
mDrWiFi
mEoU.msi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mIWCA
Mixed In Key 2.5
mLogView
mMHouse
Mozilla Firefox (2.0.0.8)
mPfMgr
mPfWiz
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB927977)
mWlsSafe
mXML
mZConfig
Nero Suite
OneCare Advisor (Windows Live Toolbar)
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Orion Platinum v5.8
Pando
Pando Toolbar
PDF Manual NW-A800 Series
Popup Blocker (Windows Live Toolbar)
PowerDVD
PPLive 1.5.43
RealPlayer
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Up

Edited by dinz, 31 October 2007 - 08:06 AM.

  • 0

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello dinz

Welcome to G2Go. :)

Please go here and download the newest version of HijackThis.
Save it and install it to your Program Files folder,
or anywhere as long as it is in its own permanent folder.
=============================================
After that, download ComboFix from Here or Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

In case you have used ComboFix before, please delete the version you have and redownload it, because ComboFix is being updated every day.

In case your antivirus or any other real-time scanner displays an alert after you downloaded ComboFix or while you use it, please disable your scanner and redownload ComboFix, because some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.


Even if it takes ComboFix a while to run, please let it complete all steps and reboot the machine. Do Not Stop it from running.
  • 0

#3
dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
jhh

Edited by dinz, 01 November 2007 - 03:44 PM.

  • 0

#4
dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there,

These are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:47, on 2007-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\HHVcdV7Sys\VC7Play.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: sosHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\apphelps.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\PCTOOLS\PCTOOLS.DLL (file missing)
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Invoke Class - {3AA0903B-1E13-4865-B114-15792D413C41} - C:\WINDOWS\system32\c671.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [hnu29] rundll32 "C:\WINDOWS\Downlo~1\hnu29.dll",Run
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: WebControlDeploy - https://grouper.com/...rouperSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ms_2fax - Unknown owner - C:\WINDOWS\system32\67751.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe

--
End of file - 15459 bytes

----------------------------------------------------------------------------------------------------------------------------------

ComboFix 07-11-01.1 - Kaven 2007-11-02 5:51:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.220 [GMT 8:00]
Running from: C:\Documents and Settings\Kaven\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a2001.dat
C:\Documents and Settings\All Users\Application Data.\t\b2001.dat
C:\Documents and Settings\All Users\Application Data.\t\k2001.dat
C:\Documents and Settings\All Users\Application Data.\t\p2001.dat
C:\Documents and Settings\All Users\Application Data.\t\r2001.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ACPIDISK
-------\LEGACY_CNPROV
-------\LEGACY_IDNAUX
-------\LEGACY_MSQMX
-------\LEGACY_MS_2FAX
-------\LEGACY_MXDISPDR
-------\LEGACY_SOSCAR
-------\ms_2fax


((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
.

2007-11-02 05:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\t
2007-11-02 04:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 04:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 04:33 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-10-31 09:40 <DIR> d-------- C:\Program Files\MSBuild
2007-10-31 09:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-31 09:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-31 09:34 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-31 09:33 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-10-31 09:31 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-31 09:31 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-10-31 09:31 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-31 07:25 94,480 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-31 07:23 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\HouseCall 6.6
2007-10-31 04:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-31 04:49 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\SUPERAntiSpyware.com
2007-10-31 04:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-31 03:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-10-30 22:00 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-10-30 21:59 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-10-30 20:54 <DIR> d-------- C:\Documents and Settings\Kaven\.housecall6.6
2007-10-30 20:02 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-30 20:02 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-30 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-30 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-30 20:01 3,585,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-30 20:01 37,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-30 20:00 <DIR> d-------- C:\KAV
2007-10-30 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-30 19:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-30 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-30 19:30 <DIR> d-------- C:\Program Files\FlashGet
2007-10-30 19:11 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\Sereniti
2007-10-30 19:09 <DIR> d-------- C:\Program Files\WinDirStat
2007-10-30 18:44 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-10-30 18:44 <DIR> d-------- C:\Program Files\Crawler
2007-10-30 18:44 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\Spyware Terminator
2007-10-30 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-10-30 18:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-30 18:15 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\SiteAdvisor
2007-10-30 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-30 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-30 17:55 <DIR> d-------- C:\Program Files\CCleaner
2007-10-30 03:46 1,467 --a------ C:\WINDOWS\mozver.dat
2007-10-30 03:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-29 06:00 <DIR> d-------- C:\Program Files\Incesoft
2007-10-28 12:42 <DIR> d-------- C:\Inetpub
2007-10-20 21:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-09 07:17 86,016 --a------ C:\WINDOWS\system32\apphelps.dll
2007-10-09 06:51 45,056 --a------ C:\WINDOWS\system32\ke3hum539s.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 21:55 6,692 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-01 21:55 55,316 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-01 21:35 180,224 ----a-w C:\WINDOWS\system32\shdocvw32.dll
2007-11-01 21:29 224,216 -c--a-w C:\Documents and Settings\Kaven\RGShell.dll
2007-11-01 21:29 188,416 -c--a-w C:\Documents and Settings\Kaven\spool.exe
2007-11-01 21:25 282,624 -c--a-w C:\Documents and Settings\Kaven\ie.exe
2007-11-01 21:22 20,480 -c--a-w C:\Documents and Settings\Kaven\bind_50104.exe
2007-10-31 01:11 403,113 ----a-w C:\Documents and Settings\Kaven\todd.exe
2007-10-31 01:11 178,999 ----a-w C:\Documents and Settings\Kaven\dodolook020.exe
2007-10-30 20:38 --------- d-----w C:\Program Files\Common Files\Error Report
2007-10-30 09:55 --------- d-----w C:\Program Files\Yahoo!
2007-10-29 06:05 --------- d-----w C:\Program Files\Soulseek
2007-10-29 02:03 53,248 ----a-r C:\WINDOWS\system32\c671.dll
2007-10-29 02:03 53,248 ----a-r C:\WINDOWS\73e1.exe
2007-10-28 22:00 20,541 ----a-w C:\WINDOWS\system32\detoured.dll
2007-10-28 22:00 --------- d-----w C:\Program Files\MSN Messenger
2007-10-15 00:28 --------- d-----w C:\Program Files\Tencent
2007-10-14 02:03 --------- d-----w C:\Documents and Settings\Kaven\Application Data\TENCENT
2007-09-28 17:06 --------- d-----w C:\Program Files\Windows Live
2007-09-16 11:04 113,054 ----a-w C:\Documents and Settings\Kaven\(null)F9229844.DLL
2007-08-23 01:40 212,287 -c--a-w C:\WINDOWS\svd.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 10:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 10:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 10:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 10:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 10:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 10:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 10:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 10:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 10:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-04-26 10:43 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)A74D8CC5.DLL
2007-04-20 22:03 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)2C01D5.DLL
2007-03-30 03:12 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)C76B36AA.DLL
2006-12-25 03:46 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)8DCC927.DLL
2006-12-05 15:07 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)577B03F.DLL
2006-11-02 17:36 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)175E9A13.DLL
2006-10-17 07:44 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)96F086CB.DLL
2006-09-15 12:56 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)8D95466.DLL
2006-08-16 02:09 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)E78E5330.DLL
2006-07-28 21:37 299,008 -c--a-w C:\Documents and Settings\Kaven\(null)BA8A64DE.DLL
2006-07-04 01:08 299,008 -c--a-w C:\Documents and Settings\Kaven\(null)2A859FC6.DLL
2006-02-04 16:07 299,008 -c--a-w C:\Documents and Settings\Kaven\(null)11FA7E3B.DLL
2005-10-30 08:05 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)B95D3B11.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}]
2007-11-02 05:15 86016 --a------ C:\WINDOWS\system32\apphelps.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA0903B-1E13-4865-B114-15792D413C41}]
2007-10-29 10:03 53248 -ra------ C:\WINDOWS\system32\c671.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-03 22:50 266240]

[HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-03 22:50 266240]

[HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 18:41]
"VC7Player"="C:\Program Files\HHVcdV7Sys\VC7Play.exe" [2005-03-02 15:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 00:01 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2004-08-10 17:48]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2004-08-10 17:47]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2004-08-04 16:19]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 14:39]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2003-06-12 14:29]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 18:50 C:\WINDOWS\AGRSMMSG.exe]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"Vmlist"="regsvr32 /s apphelps.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-06-18 12:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2005-02-01 15:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 23:31]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll


R0 adcyn7;adcyn;C:\WINDOWS\system32\DRIVERS\adcyn7.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys
R2 VC7SecS;Virtual CD v7 Management Service;C:\Program Files\HHVcdV7Sys\VC7SecS.exe
R3 ATMEPVCM;Microsoft Ethernet PVC;C:\WINDOWS\system32\DRIVERS\atmepvc.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S0 bhxcer41;bhxcer4;C:\WINDOWS\system32\DRIVERS\bhxcer41.sys
S0 iokpky;iokpk;C:\WINDOWS\system32\DRIVERS\iokpky.sys
S0 ipdname;ipdnam;C:\WINDOWS\system32\DRIVERS\ipdname.sys
S0 kbbhw;kbbh;C:\WINDOWS\system32\DRIVERS\kbbhw.sys
S0 qcgrwj19;qcgrwj1;C:\WINDOWS\system32\DRIVERS\qcgrwj19.sys
S0 sdbig;sdbi;C:\WINDOWS\system32\DRIVERS\sdbig.sys
S0 txqgyi57;txqgyi5;C:\WINDOWS\system32\DRIVERS\txqgyi57.sys
S0 wwarvj43;wwarvj4;C:\WINDOWS\system32\DRIVERS\wwarvj43.sys
S2 AtWork;Distributed Console Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs
S2 gafwload;DSL100U USB ADSL Modem Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 ATMEPVCP;Microsoft Ethernet PVC - RFC2684;C:\WINDOWS\system32\DRIVERS\atmepvc.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 I97DRIVER;I97DRIVER;\??\C:\Program Files\VCOM\SystemSuite\dgs.sys
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe"
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 UKS11LDR;Midiman USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys
S3 USBKS1X1;Midiman USB Keystation Midi Driver;C:\WINDOWS\system32\drivers\usbks1x1.sys
S3 wanusb;DSL100U USB ADSL Modem (RFC2364);C:\WINDOWS\system32\DRIVERS\gwausb.sys
S4 Http2api;Http2api;C:\WINDOWS\system32\attrib.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20113800-f4da-11d9-8bbc-0012f04d4488}]
\Shell\AutoRun\command - L:\ie.exe
\Shell\explore\Command - L:\ie.exe
\Shell\open\Command - L:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f48ec1e-eae7-11da-8dde-0012f04d4488}]
\Shell\AutoRun\command - J:\.\start\START.EXE /NOASSOC=.\readme.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8b431fb-f574-11d9-8bb1-0012f04d4488}]
\Shell\AutoRun\command - I:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 21:35:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 05:57:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 5:59:13 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-02 04:55
.
--- E O F ---

--------------------------------------------------------------------------------------------------------------------

After ComboFix, I ran a HijackThis scan again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:46 AM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\HHVcdV7Sys\VC7Play.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Invoke Class - {3AA0903B-1E13-4865-B114-15792D413C41} - C:\WINDOWS\system32\c671.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [hnu29] rundll32 "C:\WINDOWS\Downlo~1\hnu29.dll",Run
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: WebControlDeploy - https://grouper.com/...rouperSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe

--
End of file - 15210 bytes



Thanks a lot..

#5
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in)

C:\WINDOWS\system32\DRIVERS\adcyn7.sys
C:\WINDOWS\system32\DRIVERS\bhxcer41.sys
C:\WINDOWS\system32\DRIVERS\kbbhw.sys
C:\WINDOWS\system32\DRIVERS\qcgrwj19.sys
C:\WINDOWS\system32\DRIVERS\txqgyi57.sys
C:\WINDOWS\system32\DRIVERS\wwarvj43.sys

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete; please copy and paste those results in your next post.

#6
dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
VIRUS TOTAL RESULT

Antivirus Version Last Update Result
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.03 -
Avast 4.7.1074.0 2007.11.04 -
AVG 7.5.0.503 2007.11.04 -
BitDefender 7.2 2007.11.04 -
CAT-QuickHeal 9.00 2007.11.03 -
ClamAV 0.91.2 2007.11.04 -
DrWeb 4.44.0.09170 2007.11.04 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5264 2007.11.02 -
Ewido 4.0 2007.11.04 -
FileAdvisor 1 2007.11.04 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.03 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.04 -
Kaspersky 7.0.0.125 2007.11.04 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.04 -
NOD32v2 2636 2007.11.03 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.04 -
Prevx1 V2 2007.11.04 -
Rising 20.16.62.00 2007.11.04 -
Sophos 4.23.0 2007.11.04 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.04 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.03 -
VirusBuster 4.3.26:9 2007.11.03 -

----------------------------------------------------------------------------------------------------------------------

I can't open the Jotti virus scan

#7
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Is that for all of the files or just one?

#8
dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
For all files

#9
dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi there..
So very sorry, my previous post is incorrect..

---------

Scan Result

0 bytes size received / Se ha recibido un archivo vacio

Thanks

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\c671.dll
C:\WINDOWS\73e1.exe
C:\WINDOWS\svd.exe
C:\WINDOWS\system32\apphelps.dll
C:\WINDOWS\system32\DRIVERS\adcyn7.sys
C:\WINDOWS\system32\DRIVERS\iokpky.sys
C:\WINDOWS\system32\DRIVERS\bhxcer41.sys
C:\WINDOWS\system32\DRIVERS\kbbhw.sys
C:\WINDOWS\system32\DRIVERS\qcgrwj19.sys
C:\WINDOWS\system32\DRIVERS\sdbig.sys
C:\WINDOWS\system32\DRIVERS\txqgyi57.sys
C:\WINDOWS\system32\DRIVERS\wwarvj43.sys
C:\WINDOWS\Downlo~1\hnu29.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA0903B-1E13-4865-B114-15792D413C41}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vmlist"=-

Driver::
"adcyn"
"iokpky"
"bhxcer41"
"kbbhw"
"qcgrwj19"
"sdbig"
"txqgyi57"
"wwarvj43"


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please save the following report/log to post in your next reply:
  • Combofix.txt .
===========================================
After that double-click the SUPERantispyware icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Scan for Alternate Data streams
  • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
*Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Then run Superantispyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
1. After reboot, double-click the SUPERAntispyware icon on your desktop.
2. Click Preferences. Click the Statistics/Logs tab.
3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
4. It will open in your default text editor (such as Notepad/Wordpad).
5. Please highlight everything in the notepad, then right-click and choose copy.
6. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log.
==================================
Please post these logs:
New Hijackthis log
Combofix log
Superantispyware log

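As an added example for this thread (not part of kahdah's instructions, HijackThis or ComboFix), the script below reads HijackThis-style lines, flags the three kinds of entry the CFScript above targets (an O2 BHO whose DLL is gone, an O4 autorun under Policies\Explorer\Run, an O23 service with no owner and a missing binary) and writes them out in the File::, Registry:: and Driver:: layout used above. The sample log lines are constructed from the shape of the log in this thread, the heuristics are illustrative assumptions, and the output is a starting point for a helper to review, not something to feed to ComboFix unread.

```python
"""Triage HijackThis (HJT) log lines and turn the flagged entries into a
ComboFix CFScript skeleton (File:: / Registry:: / Driver:: sections, the
layout used in the post above). Added example for this thread; not part of
HijackThis or ComboFix, and the heuristics are illustrative assumptions."""
import re

# Full registry path behind the "HKLM\..\" prefix HijackThis abbreviates.
HKLM_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
BHO_KEY = HKLM_CV + r"\Explorer\Browser Helper Objects"
POLICY_RUN_KEY = HKLM_CV + r"\Policies\Explorer\Run"

# Constructed sample shaped like the log above: clean and suspect lines mixed.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [hnu29] rundll32 "C:\WINDOWS\Downlo~1\hnu29.dll",Run
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
POLICY_RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\] .*?"(?P<path>[^"]+)"')
SERVICE_RE = re.compile(r"\(([^()]+)\) - Unknown owner")


def parse_hjt(text):
    """Return (section, body) pairs for the HJT entry lines in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(entries):
    """Apply three heuristics drawn from the thread and return
    (section, body, reason, (cfscript_header, cfscript_item)) per hit."""
    findings = []
    for sec, body in entries:
        if sec == "O2" and body.endswith("(no file)"):
            # A BHO CLSID still registered after its DLL is gone: drop the key.
            m = CLSID_RE.search(body)
            if m:
                findings.append((sec, body, "BHO registered but its DLL is missing",
                                 ("Registry::", "[-%s\\%s]" % (BHO_KEY, m.group(0)))))
        elif sec == "O4" and body.startswith(r"HKLM\..\Policies\Explorer\Run:"):
            # Autorun under the Policies key, a spot installers rarely use:
            # remove the loaded file and the value that loads it.
            m = POLICY_RUN_RE.search(body)
            if m:
                findings.append((sec, body, "autorun under Policies\\Explorer\\Run",
                                 ("File::", m.group("path"))))
                findings.append((sec, body, "value that loads it",
                                 ("Registry::", "[%s]\n\"%s\"=-" % (POLICY_RUN_KEY, m.group("name")))))
        elif sec == "O23" and body.endswith("(file missing)"):
            # Service with no vendor string and no binary on disk: delete it by name.
            m = SERVICE_RE.search(body)
            if m:
                findings.append((sec, body, "unowned service with missing binary",
                                 ("Driver::", '"%s"' % m.group(1))))
    return findings


def build_cfscript(findings):
    """Group the items under File::, Registry:: and Driver:: in that order."""
    groups = {"File::": [], "Registry::": [], "Driver::": []}
    for _, _, _, (header, item) in findings:
        if item not in groups[header]:
            groups[header].append(item)
    out = []
    for header in ("File::", "Registry::", "Driver::"):
        if groups[header]:
            out.append(header)
            out.extend(groups[header])
            out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for sec, body, reason, _ in found:
        print("%s flagged (%s):\n    %s" % (sec, reason, body))
    print("\n--- CFScript.txt ---")
    print(build_cfscript(found))
```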

#11
dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
These are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26, on 2007-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\HHVcdV7Sys\VC7Play.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [hnu29] rundll32 "C:\WINDOWS\Downlo~1\hnu29.dll",Run
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: WebControlDeploy - https://grouper.com/...rouperSetup.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - spoo1v.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe

--
End of file - 15067 bytes

---------------------------------------------------------------------------------------------------------------------

ComboFix 07-11-06.4 - Kaven 2007-11-07 0:14:03.4 - NTFSx86
Running from: C:\Documents and Settings\Kaven\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kaven\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\73e1.exe
C:\WINDOWS\Downlo~1\hnu29.dll
C:\WINDOWS\svd.exe
C:\WINDOWS\system32\apphelps.dll
C:\WINDOWS\system32\c671.dll
C:\WINDOWS\system32\DRIVERS\adcyn7.sys
C:\WINDOWS\system32\DRIVERS\bhxcer41.sys
C:\WINDOWS\system32\DRIVERS\iokpky.sys
C:\WINDOWS\system32\DRIVERS\kbbhw.sys
C:\WINDOWS\system32\DRIVERS\qcgrwj19.sys
C:\WINDOWS\system32\DRIVERS\sdbig.sys
C:\WINDOWS\system32\DRIVERS\txqgyi57.sys
C:\WINDOWS\system32\DRIVERS\wwarvj43.sys
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a2001.dat
C:\Documents and Settings\All Users\Application Data.\t\b2001.dat
C:\Documents and Settings\All Users\Application Data.\t\k2001.dat
C:\Documents and Settings\All Users\Application Data.\t\p2001.dat
C:\Documents and Settings\All Users\Application Data.\t\r2001.dat
C:\WINDOWS\73e1.exe
C:\WINDOWS\Downlo~1\hnu29.dll
C:\WINDOWS\svd.exe
C:\WINDOWS\system32\67751.exe
C:\WINDOWS\system32\apphelps.dll
C:\WINDOWS\system32\c671.dll
C:\WINDOWS\system32\DRIVERS\adcyn7.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BHXCER41
-------\LEGACY_IOKPKY
-------\LEGACY_KBBHW
-------\LEGACY_MS_2FAX
-------\LEGACY_QCGRWJ19
-------\LEGACY_SDBIG
-------\LEGACY_TXQGYI57
-------\LEGACY_WWARVJ43
-------\bhxcer41
-------\iokpky
-------\kbbhw
-------\ms_2fax
-------\qcgrwj19
-------\sdbig
-------\txqgyi57
-------\wwarvj43


((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-02 17:27 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-02 04:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 04:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 04:33 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-10-31 09:40 <DIR> d-------- C:\Program Files\MSBuild
2007-10-31 09:36 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-10-31 09:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-10-31 09:34 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-10-31 09:33 <DIR> d-------- C:\WINDOWS\system32\DRM
2007-10-31 09:31 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-10-31 09:31 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-10-31 09:31 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-10-31 07:25 94,480 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-31 07:23 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\HouseCall 6.6
2007-10-31 04:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-31 04:49 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\SUPERAntiSpyware.com
2007-10-31 04:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-31 03:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-10-30 22:00 <DIR> d-------- C:\Program Files\WinClamAVShield
2007-10-30 21:59 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-10-30 20:54 <DIR> d-------- C:\Documents and Settings\Kaven\.housecall6.6
2007-10-30 20:02 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-30 20:02 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-30 20:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-30 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-30 20:01 4,132,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-30 20:01 54,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-30 20:00 <DIR> d-------- C:\KAV
2007-10-30 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-30 19:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-30 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-30 19:30 <DIR> d-------- C:\Program Files\FlashGet
2007-10-30 19:11 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\Sereniti
2007-10-30 19:09 <DIR> d-------- C:\Program Files\WinDirStat
2007-10-30 18:44 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-10-30 18:44 <DIR> d-------- C:\Program Files\Crawler
2007-10-30 18:44 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\Spyware Terminator
2007-10-30 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-10-30 18:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-30 18:15 <DIR> d-------- C:\Documents and Settings\Kaven\Application Data\SiteAdvisor
2007-10-30 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-30 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-30 17:55 <DIR> d-------- C:\Program Files\CCleaner
2007-10-30 03:46 1,467 --a------ C:\WINDOWS\mozver.dat
2007-10-30 03:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-29 06:00 <DIR> d-------- C:\Program Files\Incesoft
2007-10-28 12:42 <DIR> d-------- C:\Inetpub
2007-10-20 21:40 <DIR> d-------- C:\WINDOWS\pss
2007-10-09 06:51 45,056 --a------ C:\WINDOWS\system32\ke3hum539s.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 16:18 8,228 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-06 16:18 62,108 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-06 15:04 2,308 ----a-w C:\Program Files\instructions.txt
2007-11-06 14:57 282,624 -c--a-w C:\Documents and Settings\Kaven\ie.exe
2007-11-06 14:57 20,480 -c--a-w C:\Documents and Settings\Kaven\bind_50104.exe
2007-11-06 14:57 188,416 -c--a-w C:\Documents and Settings\Kaven\spool.exe
2007-11-06 14:30 --------- d-----w C:\Program Files\Soulseek
2007-11-05 05:03 403,113 ----a-w C:\Documents and Settings\Kaven\todd.exe
2007-11-05 05:03 178,999 ----a-w C:\Documents and Settings\Kaven\dodolook020.exe
2007-11-05 05:02 224,216 -c--a-w C:\Documents and Settings\Kaven\RGShell.dll
2007-10-30 20:38 --------- d-----w C:\Program Files\Common Files\Error Report
2007-10-30 09:55 --------- d-----w C:\Program Files\Yahoo!
2007-10-28 22:00 --------- d-----w C:\Program Files\MSN Messenger
2007-10-15 00:28 --------- d-----w C:\Program Files\Tencent
2007-10-14 02:03 --------- d-----w C:\Documents and Settings\Kaven\Application Data\TENCENT
2007-09-28 17:06 --------- d-----w C:\Program Files\Windows Live
2007-09-16 11:04 113,054 ----a-w C:\Documents and Settings\Kaven\(null)F9229844.DLL
2007-04-26 10:43 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)A74D8CC5.DLL
2007-04-20 22:03 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)2C01D5.DLL
2007-03-30 03:12 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)C76B36AA.DLL
2006-12-25 03:46 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)8DCC927.DLL
2006-12-05 15:07 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)577B03F.DLL
2006-11-02 17:36 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)175E9A13.DLL
2006-10-17 07:44 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)96F086CB.DLL
2006-09-15 12:56 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)8D95466.DLL
2006-08-16 02:09 113,054 -c--a-w C:\Documents and Settings\Kaven\(null)E78E5330.DLL
2006-07-28 21:37 299,008 -c--a-w C:\Documents and Settings\Kaven\(null)BA8A64DE.DLL
2006-07-04 01:08 299,008 -c--a-w C:\Documents and Settings\Kaven\(null)2A859FC6.DLL
2006-02-04 16:07 299,008 -c--a-w C:\Documents and Settings\Kaven\(null)11FA7E3B.DLL
2005-10-30 08:05 126,976 -c--a-w C:\Documents and Settings\Kaven\(null)B95D3B11.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-11-02_ 5.58.25.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 10:40:05 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w C:\WINDOWS\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925720\update\updspapi.dll
- 2007-10-31 01:11:21 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\aw7c88.dll
+ 2007-11-05 05:02:53 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\aw7c88.dll
- 2007-10-31 01:11:21 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\bum105zv.dll
+ 2007-11-05 05:02:53 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\bum105zv.dll
- 2007-10-31 01:11:21 218,112 -c--a-w C:\WINDOWS\Downloaded Program Files\d2lehm.dll
+ 2007-11-06 17:00:42 218,112 -c--a-w C:\WINDOWS\Downloaded Program Files\d2lehm.dll
- 2007-10-31 01:11:21 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\ef7m.dll
+ 2007-11-05 05:02:57 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\ef7m.dll
- 2007-10-31 01:11:21 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\kqvvn.dll
+ 2007-11-05 05:02:57 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\kqvvn.dll
- 2007-10-31 01:11:21 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\mhc27h.dll
+ 2007-11-05 05:02:58 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\mhc27h.dll
- 2007-10-31 01:11:21 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\r5f51rm.dll
+ 2007-11-05 05:02:58 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\r5f51rm.dll
- 2007-10-31 01:11:21 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\s7r9.dll
+ 2007-11-05 05:02:58 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\s7r9.dll
- 2007-10-31 01:11:21 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\sfb.dll
+ 2007-11-05 05:02:58 49,152 -c--a-r C:\WINDOWS\Downloaded Program Files\sfb.dll
- 2007-10-31 01:11:21 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\xn3725e.dll
+ 2007-11-05 05:02:59 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\xn3725e.dll
- 2007-10-31 01:11:21 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\z7r5aild.dll
+ 2007-11-05 05:02:59 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\z7r5aild.dll
- 2006-10-14 08:43:18 27,648 -c----w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
+ 2007-03-22 12:24:58 28,160 -c----w C:\WINDOWS\system32\dllcache\FilterPipelinePrintProc.dll
- 2004-08-04 13:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2006-10-04 08:48:36 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-04 13:00:00 53,760 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:36 53,760 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2004-08-04 13:00:00 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-04 08:48:37 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2006-10-14 08:44:44 671,744 -c----w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
+ 2007-03-22 12:25:42 677,376 -c----w C:\WINDOWS\system32\dllcache\PrintFilterPipelineSvc.exe
- 2004-08-04 13:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
+ 2006-10-04 13:33:38 35,840 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2004-08-04 13:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-04 08:48:37 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2006-10-14 12:21:58 580,352 -c----w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
+ 2007-03-22 22:07:54 583,504 -c----w C:\WINDOWS\system32\dllcache\XPSSHHDR.dll
- 2006-10-14 12:22:00 1,698,048 -c----w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
+ 2007-03-22 22:07:56 1,683,280 -c----w C:\WINDOWS\system32\dllcache\XpsSvcs.dll
- 2004-08-04 13:00:00 9,216 ----a-w C:\WINDOWS\system32\drdhs.dll
+ 2007-11-05 05:02:29 9,216 ----a-w C:\WINDOWS\system32\drdhs.dll
- 2007-04-16 15:52:53 73,728 ----a-w C:\WINDOWS\system32\kbdics.dll
+ 2007-11-05 05:02:33 73,728 ----a-w C:\WINDOWS\system32\kbdics.dll
- 2004-08-04 13:00:00 72,704 -c--a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2006-11-04 12:25:50 1,321,744 ----a-w C:\WINDOWS\system32\msxml6.dll
+ 2007-05-15 07:43:10 1,320,800 ----a-w C:\WINDOWS\system32\msxml6.dll
- 2004-08-04 13:00:00 53,760 -c--a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2004-08-04 13:00:00 215,552 -c--a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2006-10-14 08:43:38 124,416 ------w C:\WINDOWS\system32\prntvpt.dll
+ 2007-03-22 12:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
- 2007-11-01 21:35:39 180,224 ----a-w C:\WINDOWS\system32\shdocvw32.dll
+ 2007-11-04 15:45:59 180,224 ----a-w C:\WINDOWS\system32\shdocvw32.dll
- 2006-10-14 08:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2007-03-22 12:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdrv.dll
- 2006-10-14 08:42:40 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2007-03-22 12:24:34 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mxdwdui.dll
- 2006-10-14 08:42:18 376,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2007-03-22 12:24:06 376,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrv.dll
- 2006-10-14 08:42:28 510,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2007-03-22 13:03:54 749,568 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll
- 2006-10-14 08:40:36 619,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-03-22 13:03:58 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
- 2006-10-14 12:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2007-03-22 22:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XpsSvcs.dll
- 2006-10-14 08:44:44 671,744 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2007-03-22 12:25:42 677,376 ------w C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
- 2006-10-14 09:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2007-03-22 12:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
- 2006-10-14 12:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2007-03-22 12:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
- 2006-10-14 09:12:14 737,792 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2007-03-22 12:53:16 746,496 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\mxdwdrv.dll
- 2006-10-14 12:09:04 2,946,304 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2007-03-22 12:59:24 2,932,224 ----a-w C:\WINDOWS\system32\spool\XPSEP\amd64\xpssvcs.dll
- 2006-10-14 08:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2007-03-22 12:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
- 2006-10-14 12:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2007-03-22 22:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\i386\xpssvcs.dll
- 2006-10-14 08:43:18 751,104 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2007-03-22 12:24:50 762,880 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\mxdwdrv.dll
- 2006-10-14 12:22:00 1,698,048 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2007-03-22 22:07:56 1,683,280 ----a-w C:\WINDOWS\system32\spool\XPSEP\i386\xpssvcs.dll
- 2004-08-04 13:00:00 35,840 -c--a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2004-08-04 13:00:00 50,176 -c--a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2004-08-04 13:00:00 131,072 ----a-w C:\WINDOWS\system32\wnn74.dll
+ 2007-11-06 17:00:47 131,072 ----a-w C:\WINDOWS\system32\wnn74.dll
- 2007-04-16 15:52:53 73,728 ----a-w C:\WINDOWS\system32\wuxztt.dll
+ 2007-11-05 05:02:38 73,728 ----a-w C:\WINDOWS\system32\wuxztt.dll
- 2006-10-14 12:21:58 580,352 ------w C:\WINDOWS\system32\XPSSHHDR.dll
+ 2007-03-22 22:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
- 2006-10-14 12:22:00 1,698,048 ------w C:\WINDOWS\system32\XpsSvcs.dll
+ 2007-03-22 22:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-03 22:50 266240]

[HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2007-07-03 22:50 266240]

[HKEY_CLASSES_ROOT\CLSID\{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMAAD"="C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 18:41]
"VC7Player"="C:\Program Files\HHVcdV7Sys\VC7Play.exe" [2005-03-02 15:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 00:01 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2004-08-10 17:48]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2004-08-10 17:47]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2004-08-04 16:19]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 14:39]
"Fix-It AV"="C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe" [2003-06-12 14:29]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 18:50 C:\WINDOWS\AGRSMMSG.exe]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-06-18 12:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2005-02-01 15:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 23:31]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll


R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 vdrv7000;vdrv7000;C:\WINDOWS\system32\DRIVERS\vdrv7000.sys
R2 VC7SecS;Virtual CD v7 Management Service;C:\Program Files\HHVcdV7Sys\VC7SecS.exe
R3 ATMEPVCM;Microsoft Ethernet PVC;C:\WINDOWS\system32\DRIVERS\atmepvc.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S0 adcyn7;adcyn;C:\WINDOWS\system32\DRIVERS\adcyn7.sys
S0 ipdname;ipdnam;C:\WINDOWS\system32\DRIVERS\ipdname.sys
S2 AtWork;Distributed Console Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs
S2 gafwload;DSL100U USB ADSL Modem Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
S3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 ATMEPVCP;Microsoft Ethernet PVC - RFC2684;C:\WINDOWS\system32\DRIVERS\atmepvc.sys
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 I97DRIVER;I97DRIVER;\??\C:\Program Files\VCOM\SystemSuite\dgs.sys
S3 ICScsiSV;Image Converter SCSI Service;C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe"
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 UKS11LDR;Midiman USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys
S3 USBKS1X1;Midiman USB Keystation Midi Driver;C:\WINDOWS\system32\drivers\usbks1x1.sys
S3 wanusb;DSL100U USB ADSL Modem (RFC2364);C:\WINDOWS\system32\DRIVERS\gwausb.sys
S4 Http2api;Http2api;C:\WINDOWS\system32\attrib.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20113800-f4da-11d9-8bbc-0012f04d4488}]
\Shell\AutoRun\command - L:\ie.exe
\Shell\explore\Command - L:\ie.exe
\Shell\open\Command - L:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f48ec1e-eae7-11da-8dde-0012f04d4488}]
\Shell\AutoRun\command - J:\.\start\START.EXE /NOASSOC=.\readme.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8b431fb-f574-11d9-8bb1-0012f04d4488}]
\Shell\AutoRun\command - I:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-06 15:36:20 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 01:00:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 1:02:13 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-02 05:59
C:\ComboFix3.txt ... 2007-11-02 04:55
.
--- E O F ---

---------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2007 at 02:18 AM

Application Version : 3.9.1008

Core Rules Database Version : 3338
Trace Rules Database Version: 1339

Scan type : Complete Scan
Total Scan Time : 01:03:01

Memory items scanned : 192
Memory threats detected : 0
Registry items scanned : 7143
Registry threats detected : 0
File items scanned : 58083
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Kaven\Cookies\kaven@atdmt[2].txt
C:\Documents and Settings\Kaven\Cookies\kaven@mediaplex[1].txt

Trojan.Net-Spoo1v
C:\DOCUMENTS AND SETTINGS\KAVEN\SPOOL.EXE

Trojan.Downloader-Sino/QQ
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WBEM\BPTBL.DLL.VIR

Trojan.Downloader-Gen/MSXML-Fake
C:\WINDOWS\DOWNLOADED PROGRAM FILES\D2LEHM.DLL
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#13
dinz

dinz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Incident Status Location

Adware:adware/seekmo Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Potentially unwanted tool:application/funweb Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.com.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.xxxcounter.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.server.iad.liveperson.net/hc/24631554]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.server.iad.liveperson.net/hc/61201819]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.xiti.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.webpower.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.research-int.se/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.goclick.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.go.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.revenue.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.mysearch.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.888.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.adtech.de/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Kaven\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Kaven\Desktop\ComboFix.exe[nircmd.cfexe]
Virus:Generic Malware Not disinfected C:\Documents and Settings\Kaven\dodolook020.exe[²ÖÇ\5.exe][DoSSSetup.dll]
Adware:Adware/888Bar Not disinfected C:\Documents and Settings\Kaven\dodolook020.exe[²ÖÇ\5.exe][acpidisk.sys]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Kaven\todd.exe[RGShell.dll]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Kaven\todd.exe[spool.exe]
Adware:Adware/BaiduBar Not disinfected C:\qoobox\Quarantine\C\WINDOWS\871.bmp.vir
Adware:Adware/BaiduBar Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\5c1.dll.vir
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\bum105zv.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\ef7m.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\kqvvn.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\mhc27h.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\s7r9.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\sfb.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/BaiduBar Not disinfected
  • 0

Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.mysearch.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.888.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.adtech.de/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Kaven\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Kaven\Desktop\ComboFix.exe[nircmd.cfexe]
Virus:Generic Malware Not disinfected C:\Documents and Settings\Kaven\dodolook020.exe[²ÖÇ\5.exe][DoSSSetup.dll]
Adware:Adware/888Bar Not disinfected C:\Documents and Settings\Kaven\dodolook020.exe[²ÖÇ\5.exe][acpidisk.sys]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Kaven\todd.exe[RGShell.dll]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Kaven\todd.exe[spool.exe]
Adware:Adware/BaiduBar Not disinfected C:\qoobox\Quarantine\C\WINDOWS\871.bmp.vir
Adware:Adware/BaiduBar Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\5c1.dll.vir
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\bum105zv.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\ef7m.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\kqvvn.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\mhc27h.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\s7r9.dll
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\sfb.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/BaiduBar Not disinfected
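The log above mixes three very different kinds of "Not disinfected" hits: tracking cookies inside one Firefox cookies.txt, NirCmd (a command-line tool that ships inside ComboFix.exe, as the bracketed member names show), files ComboFix has already moved to C:\qoobox\Quarantine, and files still live on disk (todd.exe, dodolook020.exe, the BaiduBar DLLs under Downloaded Program Files). The script below is an added example, not part of this thread and not a Geeks to Go or Panda tool; it assumes the line shape seen in the log (Category:Name, status, then a drive-letter path with archive members in square brackets) and the bucket rules are the editor's own. The sample input is a handful of lines copied from the log above, including the truncated last line, which the parser reports as unparsed rather than misreading it.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed line shape, taken from the log above:
#   <Category>:<Detection name> <Status> <Drive path>[<archive member>]...
# The location must start with a drive letter, so a line that was cut off
# before its path (as at the end of the post) comes back as unparsed.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>\S+)\s+"
    r"(?P<status>.+?)\s+"
    r"(?P<location>[A-Za-z]:\\.*)$"
)


def parse_line(line):
    """Return a dict for one scan-log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    location = m.group("location")
    # "C:\x\todd.exe[RGShell.dll]" -> container "C:\x\todd.exe", members ["RGShell.dll"]
    container, _, rest = location.partition("[")
    members = re.findall(r"\[([^\]]*)\]", "[" + rest) if rest else []
    return {
        "category": m.group("category"),
        "name": m.group("name"),
        "status": m.group("status"),
        "container": container,
        "members": members,
    }


def classify(rec):
    """Bucket a parsed detection by what a helper would need to do about it (editor's rules)."""
    container = PureWindowsPath(rec["container"])
    if rec["name"].startswith("Cookie/") or container.name.lower() == "cookies.txt":
        return "tracking-cookie"        # browser cookie entries, not executable code
    if rec["category"] == "Potentially unwanted tool":
        return "pua-tool"               # NirCmd inside ComboFix.exe and in C:\WINDOWS
    if "\\qoobox\\quarantine\\" in rec["container"].lower():
        return "already-quarantined"    # ComboFix's quarantine folder
    return "active-file"                # still on disk outside quarantine


def triage(lines):
    """Parse every line and group the results; blank lines are skipped."""
    buckets = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            buckets["unparsed"].append(line)
        else:
            buckets[classify(rec)].append(rec)
    return buckets


def unique_containers(records):
    """Distinct on-disk files behind a bucket (several hits can share one archive)."""
    return sorted({r["container"] for r in records})


def report(buckets):
    out = []
    for bucket in ("active-file", "already-quarantined", "pua-tool", "tracking-cookie"):
        out.append(f"{bucket}: {len(buckets[bucket])} hit(s)")
        for path in unique_containers(buckets[bucket]):
            out.append(f"    {path}")
    if buckets["unparsed"]:
        out.append(f"unparsed/truncated: {len(buckets['unparsed'])} line(s)")
    return "\n".join(out)


# Sample input: lines copied from the log posted above; the last one is truncated as posted.
SAMPLE_LOG = r"""
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kaven\Application Data\Mozilla\Firefox\Profiles\nz4yb2p1.default\cookies.txt[.adtech.de/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Kaven\Desktop\ComboFix.exe[nircmd.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Kaven\todd.exe[RGShell.dll]
Virus:Trj/Downloader.MDW Not disinfected C:\Documents and Settings\Kaven\todd.exe[spool.exe]
Adware:Adware/BaiduBar Not disinfected C:\qoobox\Quarantine\C\WINDOWS\871.bmp.vir
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\Downloaded Program Files\bum105zv.dll
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/BaiduBar Not disinfected
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG.splitlines())))
```

Run it against the full pasted log (for example `triage(open("activescan.txt").readlines())`) and the "active-file" bucket is the short list that actually needs action; the cookie bucket can be cleared by deleting the one cookies.txt, and anything in the quarantine bucket is already out of the way.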

#15
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Some of the log was cut off. If you could please repost it in two posts so I can see all of it, that would be great. :)