Internet Explorer is Always Running


28 replies to this topic

#1 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 18 June 2007 - 05:07 PM

Hello, lately I have been having some PC problems. My Internet Explorer is always running, even when IE is not open. I have run multiple virus scans (Norton, Spybot, Ad-Aware, Windows Defender) and they come up with nothing that solves this problem. This is my HijackThis log:

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137607460546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Thanks
-Andrew

#2 Wademan

Wademan

    Advanced Member

  • Anti-Spyware Brigade
  • 3,835 posts

Posted 18 June 2007 - 07:12 PM

Hello andybigfoot2 :wp:
You need to read this >> http://forums.pcpits...showtopic=36065 and then post the HJT log in the correct forum, which is here >> http://forums.pcpits...hp?showforum=25. You can either re-post it there or ask one of our mods or admins to move this for you. You can PM one by scrolling down this page >> http://forums.pcpits...dex.php?act=idx; at the bottom of the page you will see which ones are logged in. Mods are in (green), Admins are in (Red). Simply click the user name (mod or admin) and PM them to ask that this be moved for you, or repost in the HJT forum linked above (http://forums.pcpits...hp?showforum=25).
Good luck.. :)
Wademan

#3 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,736 posts
  • Gender:Female


Posted 19 June 2007 - 12:04 PM

You have a lot of things running!

Please download Combofix from here:
http://www.techsuppo...Bs/ComboFix.exe
** Take note that the links are case sensitive

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

MS - MVP Consumer Security 2006 thru 2014


#4 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 19 June 2007 - 03:10 PM

ComboFix 07-06-18.2 - C:\Documents and Settings\Andrew F\Desktop\ComboFix.exe
"Andrew F" - 2007-06-19 15:48:45 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-19 15:55 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-19 15:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
2007-06-18 16:08 2,064,434 --a------ C:\Program Files\server_AV Devil.exe
2007-06-05 00:23 388,105 --ahs---- C:\WINDOWS\system32\klog.dat
2007-06-05 00:23 22,040 --a------ C:\DOCUME~1\ANDREW~1\APPLIC~1\addon.dat
2007-06-05 00:23 1,248,363 --a------ C:\WINDOWS\system32\svhost.exe
2007-06-04 18:10 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2007-06-04 17:42 120,320 --a------ C:\WINDOWS\system32\drivers\SSHDRV65.sys
2007-06-03 23:54 132,429 --a------ C:\WINDOWS\unstall.exe
2007-06-03 01:56 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-06-03 01:56 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-06-03 01:56 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-06-03 01:56 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-06-03 01:56 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-06-03 01:56 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-06-03 01:55 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-06-03 01:55 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-06-03 01:55 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-05-30 18:05 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2007-05-30 18:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-05-28 01:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BetZip


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 18:35:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-19 18:35:28 -------- d-----w C:\Program Files\games
2007-06-19 18:26:35 -------- d-----w C:\Program Files\Steam
2007-06-15 06:25:27 -------- d-----w C:\Program Files\Stuff
2007-06-14 01:12:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-13 00:24:11 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\uTorrent
2007-06-05 05:01:07 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-02 18:18:34 -------- d-----w C:\Program Files\AIM6
2007-05-30 22:05:27 -------- d-----w C:\Program Files\Viewpoint
2007-05-28 05:14:09 -------- d-----w C:\Program Files\BetZip
2007-05-17 23:16:45 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\WinRAR
2007-05-17 22:31:57 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 05:49:21 -------- d--h--r C:\DOCUME~1\ANDREW~1\APPLIC~1\SecuROM
2007-05-05 18:52:40 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 15:55:04 -------- d-----w C:\Program Files\Bonjour
2007-05-05 15:43:24 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 06:39:10 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-22 06:39:09 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-22 06:39:09 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:29:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-01 03:17:19 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-25 19:34:16 200 ----a-w C:\WINDOWS\AUDC70UI.dat
2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-01-18 04:58:43 56 --sh--r C:\WINDOWS\system32\0C9A8A2A4D.sys
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-01-18 04:58:43 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 03:14]
{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-05-23 11:44]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\GoogleAFE\GoogleAE.dll [2005-12-08 16:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 11:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 10:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{2363ECFC-4E5D-2f3b-B384-D67432FC72F6}"="blank" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher]
C:\Program Files\Ad Muncher\AdMunch.exe /bt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137713107\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver AutoDB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loaddr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvVideoCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"AOL ACS"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-06-19 20:02:21 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-09 15:18:08 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Andrew F.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 16:00:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-19 16:06:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-19 16:06

--- E O F ---
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 18:35:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-19 18:35:28 -------- d-----w C:\Program Files\games
2007-06-19 18:26:35 -------- d-----w C:\Program Files\Steam
2007-06-15 06:25:27 -------- d-----w C:\Program Files\Stuff
2007-06-14 01:12:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-13 00:24:11 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\uTorrent
2007-06-05 05:01:07 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-02 18:18:34 -------- d-----w C:\Program Files\AIM6
2007-05-30 22:05:27 -------- d-----w C:\Program Files\Viewpoint
2007-05-28 05:14:09 -------- d-----w C:\Program Files\BetZip
2007-05-17 23:16:45 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\WinRAR
2007-05-17 22:31:57 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 05:49:21 -------- d--h--r C:\DOCUME~1\ANDREW~1\APPLIC~1\SecuROM
2007-05-05 18:52:40 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 15:55:04 -------- d-----w C:\Program Files\Bonjour
2007-05-05 15:43:24 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 06:39:10 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-22 06:39:09 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-22 06:39:09 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:29:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-01 03:17:19 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-25 19:34:16 200 ----a-w C:\WINDOWS\AUDC70UI.dat
2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-01-18 04:58:43 56 --sh--r C:\WINDOWS\system32\0C9A8A2A4D.sys
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-01-18 04:58:43 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 03:14]
{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-05-23 11:44]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\GoogleAFE\GoogleAE.dll [2005-12-08 16:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 11:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 10:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{2363ECFC-4E5D-2f3b-B384-D67432FC72F6}"="blank" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher]
C:\Program Files\Ad Muncher\AdMunch.exe /bt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137713107\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver AutoDB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loaddr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvVideoCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"AOL ACS"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-06-19 20:02:21 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-09 15:18:08 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Andrew F.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 16:07:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-19 16:08:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-19 16:08

--- E O F ---


That's it.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:11, on 2007-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137607460546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by andybigfoot2, 19 June 2007 - 03:11 PM.


#5 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,736 posts
  • Gender:Female


Posted 19 June 2007 - 06:44 PM

Rescan with HJT, check these items:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
DO NOT check this item if you have set up a proxy server

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all windows except HJT, then click 'fix checked'.

Next, go to Add/Remove Programs and uninstall
Viewpoint
ViewpointManager
***see this article:
A "potentially unwanted program." It is an application that displays contextual advertisements while searching the web.
http://vil.mcafeesec...nt/v_137262.htm

Now reboot your computer and update your Java... The version that is showing is old and vulnerable to attacks.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
Reboot once again and download Avg-Anti-Spyware:

Download and install AVG Anti-Spyware v7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware.)
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next reply along with a fresh HJT log.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.

MS - MVP Consumer Security 2006 thru 2014
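The triage done by eye in the post above (the PUP vendor's BHO, toolbar and service; the SSODL entry whose file is missing; the service with no recorded owner; the ActiveX download whose origin the log cannot show; and the proxy-override caveat) can be written down as repeatable checks over HijackThis lines. This is an added example, not a tool from the thread or from HijackThis itself; the sample lines are copied from the log above, while the PUP vendor list, the trusted download hosts, the severity labels and the decision to treat "(file missing)" as actionable only for SSODL entries are assumptions of this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample input: HijackThis lines copied from the log posted above, including two
# clean entries (NAV Helper, WPDShServiceObj) so the rules have something to ignore.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Assumed policy for this example, not part of HijackThis: vendors the thread treats
# as "potentially unwanted", and hosts from which ActiveX (DPF) downloads are expected.
PUP_VENDORS = ("viewpoint",)
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com")


@dataclass
class Finding:
    code: str       # HijackThis section, e.g. "O2"
    name: str       # component the entry registers
    severity: str   # "fix", "review" or "info"
    reason: str


def parse_entry(line):
    """Split one HijackThis line into (section code, entry kind, fields)."""
    m = re.match(r"^([RFO]\d+) - (.*)$", line.strip())
    if not m:
        return None
    code, body = m.groups()
    if code.startswith("R"):            # R0/R1 lines are a registry value, no kind prefix
        return code, "registry", [body]
    kind, _, rest = body.partition(": ")
    return code, kind, [f.strip() for f in rest.split(" - ")]


def entry_name(kind, fields):
    """Readable name; DPF entries carry it in parentheses after the CLSID."""
    if kind == "DPF":
        m = re.search(r"\((.+)\)", fields[0])
        return m.group(1) if m else fields[0]
    return fields[0]


def is_trusted_host(host):
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Apply the checks a helper applies by eye; return the entries worth acting on."""
    findings = []
    for line in log_text.strip().splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, kind, fields = parsed
        name = entry_name(kind, fields)
        lowered = line.lower()
        if kind == "SSODL" and "(file missing)" in lowered:
            # A shell load point whose target is gone is a leftover from a removed or
            # quarantined component. O9 browser buttons with "(file missing)" are routine
            # for Windows' own components, so only shell load points count here.
            findings.append(Finding(code, name, "fix", "shell load point targets a missing file"))
        elif any(v in lowered for v in PUP_VENDORS):
            findings.append(Finding(code, name, "fix", "component of a potentially unwanted program"))
        elif kind == "Service" and len(fields) >= 2 and fields[1] == "Unknown owner":
            findings.append(Finding(code, name, "review", "service binary has no recorded publisher"))
        elif kind == "DPF":
            url = fields[-1]
            host = urlsplit(url).hostname or ""
            if "..." in url:
                # HijackThis shortens long URLs, so the origin cannot be checked from the log alone.
                findings.append(Finding(code, name, "review", "download URL truncated in log; verify origin manually"))
            elif not is_trusted_host(host):
                findings.append(Finding(code, name, "review", f"ActiveX control fetched from {host}"))
        elif kind == "registry" and "ProxyOverride" in line:
            # Legitimate on a machine that uses a proxy; only a hijack symptom otherwise.
            findings.append(Finding(code, "ProxyOverride", "info", "fix only if no proxy server is configured"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code:<3} {f.name}: {f.reason}")
```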


#6 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 19 June 2007 - 07:30 PM

Thanks, but what is a proxy server?

#7 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,736 posts
  • Gender:Female


Posted 19 June 2007 - 08:00 PM

It could be whatever this is... C:\Program Files\server_AV Devil.exe
Do you know what it is? There is no information on Google about it.

Please continue with my instructions...

MS - MVP Consumer Security 2006 thru 2014


#8 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 19 June 2007 - 10:38 PM

Yeah, that was on my computer. I think I deleted it. Wait, nvm, it's back... And there is no AVG anti spyware in the services list, I installed AVG anti virus. Nvm... I installed AVG anti spyware also now.

Edited by andybigfoot2, 19 June 2007 - 11:27 PM.


#9 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 20 June 2007 - 12:55 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:43:21 AM 06/20/07

+ Scan result:

C:\Program Files\Stuff\Total_Video_Converter_3.02\Total Video Converter 3.02\Crack\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\Program Files\server_AV Devil.exe -> Dropper.VB.on : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP825\A0426186.exe -> Dropper.VB.on : Cleaned.
C:\Documents and Settings\Andrew F\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-25df0b80-2c8353ef.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.129:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.130:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.131:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.134:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.46:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.47:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.137:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.14:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.68:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.69:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.80:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.81:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.82:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.32:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.33:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.34:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.92:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.94:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.99:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.124:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.112:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

#10 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 20 June 2007 - 08:07 AM

I did another scan in normal boot mode and this came up.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:04:03 AM 06/20/07

+ Scan result:

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP836\A0427566.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP836\A0427567.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP836\A0427565.exe -> Dropper.VB.on : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end

#11 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,736 posts
  • Gender:Female


Posted 20 June 2007 - 09:18 AM

Download ATF Cleaner http://www.atribune....tent/view/19/2/
Click "Main" > check 'select all' this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.

Then go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.


Please post another Combofix and HJT log.

MS - MVP Consumer Security 2006 thru 2014


#12 andybigfoot2

andybigfoot2

    Member

  • Members
  • 28 posts

Posted 20 June 2007 - 10:07 AM

ComboFix 07-06-18.2 - C:\Program Files\Stuff\ComboFix.exe
"Andrew F" - 2007-06-20 10:56:00 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-20 00:28 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-19 21:00 <DIR> d-------- C:\Program Files\AutoCAD 2008
2007-06-19 21:00 <DIR> d-------- C:\DOCUME~1\ANDREW~1\APPLIC~1\Autodesk
2007-06-19 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-06-19 20:59 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-06-19 20:59 <DIR> d-------- C:\Program Files\Autodesk
2007-06-19 20:27 <DIR> d-------- C:\Program Files\PowerISO
2007-06-19 15:55 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-19 15:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
2007-06-05 00:23 421,044 --ahs---- C:\WINDOWS\system32\klog.dat
2007-06-05 00:23 22,040 --a------ C:\DOCUME~1\ANDREW~1\APPLIC~1\addon.dat
2007-06-05 00:23 1,248,363 --a------ C:\WINDOWS\system32\svhost.exe
2007-06-04 18:10 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2007-06-04 17:42 120,320 --a------ C:\WINDOWS\system32\drivers\SSHDRV65.sys
2007-06-03 23:54 132,429 --a------ C:\WINDOWS\unstall.exe
2007-06-03 01:56 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-06-03 01:56 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-06-03 01:56 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-06-03 01:56 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-06-03 01:56 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-06-03 01:56 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-06-03 01:55 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-06-03 01:55 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-06-03 01:55 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-05-30 18:05 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2007-05-30 18:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-05-28 01:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BetZip


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 06:13:14 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-20 05:38:44 -------- d-----w C:\Program Files\Total Video Converter
2007-06-20 01:25:37 -------- d-----w C:\Program Files\Stuff
2007-06-20 00:54:56 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\uTorrent
2007-06-19 23:09:37 -------- d-----w C:\Program Files\MSECACHE
2007-06-19 22:45:54 -------- d-----w C:\Program Files\Viewpoint
2007-06-19 21:31:45 -------- d-----w C:\Program Files\CureROM
2007-06-19 18:35:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-19 18:35:28 -------- d-----w C:\Program Files\games
2007-06-19 18:26:35 -------- d-----w C:\Program Files\Steam
2007-06-05 05:01:07 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-02 18:18:34 -------- d-----w C:\Program Files\AIM6
2007-05-28 05:14:09 -------- d-----w C:\Program Files\BetZip
2007-05-17 23:16:45 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\WinRAR
2007-05-17 22:31:57 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 05:49:21 -------- d--h--r C:\DOCUME~1\ANDREW~1\APPLIC~1\SecuROM
2007-05-05 18:52:40 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 15:55:04 -------- d-----w C:\Program Files\Bonjour
2007-05-05 15:43:24 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 06:39:10 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-22 06:39:09 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-22 06:39:09 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:29:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-01 03:17:19 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-25 19:34:16 200 ----a-w C:\WINDOWS\AUDC70UI.dat
2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-01-18 04:58:43 56 --sh--r C:\WINDOWS\system32\0C9A8A2A4D.sys
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-01-18 04:58:43 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\GoogleAFE\GoogleAE.dll [2005-12-08 16:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 11:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 10:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher]
C:\Program Files\Ad Muncher\AdMunch.exe /bt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137713107\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver AutoDB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loaddr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvVideoCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"AOL ACS"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-06-20 05:52:22 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-09 15:18:08 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Andrew F.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 11:01:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-20 11:03:06
C:\ComboFix-quarantined-files.txt ... 2007-06-20 11:02
C:\ComboFix2.txt ... 2007-06-19 16:08

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 10:53:54 AM, on 06/20/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1137607460546
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

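Added example, not part of this thread or of HijackThis: a small Python triage that reads log lines in the format pasted above and lists the entries worth a second look first (services with no vendor string, entries whose file is missing, the O10 Winsock LSP and O20 Winlogon Notify DLLs, and rundll32 or out-of-place O4 autostarts). The rules and the trusted-path prefixes are my own assumptions; the sample lines are copied from the log above.

```python
import re

# HijackThis sections this triage inspects; line formats as pasted in the log above.
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
RUN_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$')
# Assumed: where legitimately installed autostart binaries normally live (lower-cased).
TRUSTED_PREFIXES = ('c:\\program files\\', 'c:\\progra~1\\', 'c:\\windows\\')

def first_path(cmd):
    """Executable path at the start of a command line, quoted or bare."""
    cmd = cmd.strip()
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(' ')[0]

def triage(log_lines):
    """Return (severity, reason, line) tuples for entries a reviewer should look at first."""
    findings = []
    for line in (raw.strip() for raw in log_lines):
        if '(file missing)' in line:
            findings.append(('info', 'points at a missing file: orphaned or partly removed entry', line))
        if line.startswith('O10 '):
            findings.append(('review', 'Winsock LSP DLL sees all socket traffic; verify its publisher', line))
        elif line.startswith('O20 '):
            findings.append(('review', 'Winlogon Notify DLL loads inside winlogon.exe; verify its publisher', line))
        elif line.startswith('O23 '):
            m = SERVICE_RE.match(line)
            if m and m.group('owner') == 'Unknown owner':
                findings.append(('review', 'service has no vendor string; check the binary path', line))
        elif line.startswith('O4 '):
            m = RUN_RE.match(line)
            if m and m.group('cmd').lower().startswith('rundll32'):
                findings.append(('review', 'Run entry loads a DLL via rundll32; confirm which DLL', line))
            elif m and not first_path(m.group('cmd')).lower().startswith(TRUSTED_PREFIXES):
                findings.append(('review', 'Run entry starts a binary outside Program Files/Windows', line))
    return findings

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll',
    r'O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll',
    r'O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe',
    r'O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe',
    r'O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)',
]

if __name__ == '__main__':
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f'[{severity}] {reason}\n    {line}')
```

A flagged entry is a prompt to check the file's publisher and location, not a verdict; every line in the sample above belongs to a known vendor once looked up.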
#13 Jacee

Posted 20 June 2007 - 12:20 PM

Your HJT log looks okay.

Please disconnect from the net....

Disable Windows Defender, as it might try to interfere:
Open Windows Defender
Tools
General Settings
Scroll down to "Realtime Protection Settings" and uncheck

Go to control panel > Add/Remove Programs and uninstall:
Total Video Converter

Reboot into safe mode
Restart the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Show Hidden Files and Folders
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Using Windows Explorer, navigate to and delete:

C:\WINDOWS\system32\sfsync02.dll <--file

C:\Program Files\Total Video Converter <--folder

Re-hide 'hidden files and folders'.

Reboot normally and let me know how things are going

MS - MVP Consumer Security 2006 thru 2014


#14 andybigfoot2

Posted 20 June 2007 - 03:15 PM

I use total video converter though...

#15 Jacee

Posted 20 June 2007 - 03:40 PM

According to these items,
C:\Program Files\Stuff\Total_Video_Converter_3.02\Total Video Converter 3.02\Crack\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.

Is this a program you paid for?


#16 andybigfoot2

Posted 20 June 2007 - 03:43 PM

No... :shifty:

#17 Jacee

Posted 20 June 2007 - 04:02 PM

I didn't think so. You see...when you ask for help to clean an infected computer, you can either waste my time by not following my instructions....or you can follow through, get your computer cleaned for free and stay away from cracks that WILL infect you.

You should take a look at what came with the program:
http://en.wikipedia...._(trojan_horse)

Bifrose is a stealthy backdoor that allows remote access to the infected machine. It is usually installed on the system by a trojan dropper.

After the installation, Bifrose tries to locate a running web browser and inject code into it. The injected code is the actual backdoor. The backdoor starts to communicate with the server part using specially crafted HTTP queries. The server can instruct the backdoor to execute the following actions:

Basic file operations (copy, delete, rename, find, execute)
Download/upload files
Process operations (list, kill)
Registry operations (create/delete keys/values)
Create screenshots of the desktop


Your computer has been compromised. :geezer:


#18 andybigfoot2

Posted 20 June 2007 - 07:29 PM

YES!!!

#19 Jacee

Posted 20 June 2007 - 09:29 PM

YES!!!


Does this mean you're all through with my free help?

We could finish this up so you won't be a source of infection to other computers ... and possibly take care of your own. :shrug:


#20 andybigfoot2

Posted 21 June 2007 - 12:32 PM

I deleted total video converter. But IExplorer is still always running taking up 3000k to 7000k of memory.
