andybigfoot2

Internet Explorer is Always Running


Hello, lately I have been having some PC problems. My Internet Explorer is always running, even when IE is not open. I have run multiple virus scans (Norton, Spybot, Ad-Aware, Windows Defender) and they come up with nothing that solves this problem. This is my HijackThis log:

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\clclean.0001

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137607460546

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

 

Thanks

-Andrew


Hello andybigfoot2 :wp:

You need to read this >> http://forums.pcpitstop.com/index.php?showtopic=36065 and then post the HJT log in the correct forum, which is here > http://forums.pcpitstop.com/index.php?showforum=25 . You can either re-post it there or ask one of our mods or admins to move this for you. You can PM one by scrolling down this page >> http://forums.pcpitstop.com/index.php?act=idx ; at the bottom of the page you will see which ones are logged in. Mods are in (green), Admins are in (red). Simply click the user name (mod or admin) and PM them to ask that this be moved for you, or repost in the HJT forum link above ( http://forums.pcpitstop.com/index.php?showforum=25 ).

Good luck.. :)

Wademan


You have a lot of things running!

 

Please download Combofix from here:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

** Take note that the links are case sensitive

 

Save ComboFix to the desktop.

 

1. Double click on combo.exe & follow the prompts.

2. When finished, it will produce a logfile located at C:\ComboFix.txt.

3. Post the contents of that log in your next reply with a new hijackthis log.

 

Note:

Do not mouse-click ComboFix's window while it is running. That may cause your system to stall or hang.


ComboFix 07-06-18.2 - C:\Documents and Settings\Andrew F\Desktop\ComboFix.exe

"Andrew F" - 2007-06-19 15:48:45 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\bszip.dll

C:\WINDOWS\system32\drivers\sfsync02.sys

C:\WINDOWS\system32\msxml3a.dll

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_SFSYNC02

-------\sfsync02

 

 

((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))

 

 

2007-06-19 15:55 0 --a------ C:\WINDOWS\system32\sfsync02.dll

2007-06-19 15:46 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-19 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft

2007-06-18 16:08 2,064,434 --a------ C:\Program Files\server_AV Devil.exe

2007-06-05 00:23 388,105 --ahs---- C:\WINDOWS\system32\klog.dat

2007-06-05 00:23 22,040 --a------ C:\DOCUME~1\ANDREW~1\APPLIC~1\addon.dat

2007-06-05 00:23 1,248,363 --a------ C:\WINDOWS\system32\svhost.exe

2007-06-04 18:10 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys

2007-06-04 17:42 120,320 --a------ C:\WINDOWS\system32\drivers\SSHDRV65.sys

2007-06-03 23:54 132,429 --a------ C:\WINDOWS\unstall.exe

2007-06-03 01:56 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll

2007-06-03 01:56 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll

2007-06-03 01:56 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll

2007-06-03 01:56 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll

2007-06-03 01:56 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2007-06-03 01:56 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll

2007-06-03 01:55 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll

2007-06-03 01:55 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll

2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll

2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2007-06-03 01:55 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll

2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd101.dll

2007-05-30 18:05 <DIR> d-------- C:\Program Files\Common Files\Viewpoint

2007-05-30 18:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google

2007-05-28 01:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BetZip

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-19 18:35:35 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-19 18:35:28 -------- d-----w C:\Program Files\games

2007-06-19 18:26:35 -------- d-----w C:\Program Files\Steam

2007-06-15 06:25:27 -------- d-----w C:\Program Files\Stuff

2007-06-14 01:12:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-13 00:24:11 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\uTorrent

2007-06-05 05:01:07 -------- d-----w C:\Program Files\Norton AntiVirus

2007-06-02 18:18:34 -------- d-----w C:\Program Files\AIM6

2007-05-30 22:05:27 -------- d-----w C:\Program Files\Viewpoint

2007-05-28 05:14:09 -------- d-----w C:\Program Files\BetZip

2007-05-17 23:16:45 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\WinRAR

2007-05-17 22:31:57 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-06 05:49:21 -------- d--h--r C:\DOCUME~1\ANDREW~1\APPLIC~1\SecuROM

2007-05-05 18:52:40 -------- d-----w C:\Program Files\Common Files\AOL

2007-05-05 15:55:04 -------- d-----w C:\Program Files\Bonjour

2007-05-05 15:43:24 -------- d-----w C:\Program Files\Common Files\Macrovision Shared

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-22 06:39:10 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-04-22 06:39:09 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2007-04-22 06:39:09 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll

2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 02:29:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll

2007-04-01 03:17:19 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll

2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-03-25 19:34:16 200 ----a-w C:\WINDOWS\AUDC70UI.dat

2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL

2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE

2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE

2007-01-18 04:58:43 56 --sh--r C:\WINDOWS\system32\0C9A8A2A4D.sys

2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll

2007-01-18 04:58:43 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 03:14]

{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-05-23 11:44]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]

{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\GoogleAFE\GoogleAE.dll [2005-12-08 16:00]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]

"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 11:47]

"MBMon"="CTMBHA.DLL" [2005-05-19 10:54 C:\WINDOWS\system32\CTMBHA.DLL]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsHistory"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{2363ECFC-4E5D-2f3b-B384-D67432FC72F6}"="blank" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher]

C:\Program Files\Ad Muncher\AdMunch.exe /bt

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

C:\Program Files\AGEIA Technologies\TrayIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

"C:\Program Files\DellSupport\DSAgnt.exe" /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1137713107\ee\AOLSoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver AutoDB]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loaddr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvVideoCenter]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

MIDIDef.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"AOL ACS"=2 (0x2)

"AdobeActiveFileMonitor5.0"=2 (0x2)

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

AutoRun\command- E:\setup.exe

 

*Newly Created Service* - GTNDIS5

 

Contents of the 'Scheduled Tasks' folder

2007-06-19 20:02:21 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-06-09 15:18:08 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Andrew F.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-19 16:00:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-19 16:06:36 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-19 16:06

 

--- E O F ---

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\bszip.dll

C:\WINDOWS\system32\drivers\sfsync02.sys

C:\WINDOWS\system32\msxml3a.dll

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_SFSYNC02

-------\sfsync02

 

 

((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))

 

 

No new files created in this timespan

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-19 18:35:35 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-19 18:35:28 -------- d-----w C:\Program Files\games

2007-06-19 18:26:35 -------- d-----w C:\Program Files\Steam

2007-06-15 06:25:27 -------- d-----w C:\Program Files\Stuff

2007-06-14 01:12:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-13 00:24:11 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\uTorrent

2007-06-05 05:01:07 -------- d-----w C:\Program Files\Norton AntiVirus

2007-06-02 18:18:34 -------- d-----w C:\Program Files\AIM6

2007-05-30 22:05:27 -------- d-----w C:\Program Files\Viewpoint

2007-05-28 05:14:09 -------- d-----w C:\Program Files\BetZip

2007-05-17 23:16:45 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\WinRAR

2007-05-17 22:31:57 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-06 05:49:21 -------- d--h--r C:\DOCUME~1\ANDREW~1\APPLIC~1\SecuROM

2007-05-05 18:52:40 -------- d-----w C:\Program Files\Common Files\AOL

2007-05-05 15:55:04 -------- d-----w C:\Program Files\Bonjour

2007-05-05 15:43:24 -------- d-----w C:\Program Files\Common Files\Macrovision Shared

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-22 06:39:10 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-04-22 06:39:09 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2007-04-22 06:39:09 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll

2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-04-19 17:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 02:29:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll

2007-04-01 03:17:19 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll

2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-03-25 19:34:16 200 ----a-w C:\WINDOWS\AUDC70UI.dat

2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL

2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE

2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE

2007-01-18 04:58:43 56 --sh--r C:\WINDOWS\system32\0C9A8A2A4D.sys

2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll

2007-01-18 04:58:43 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 03:14]

{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-05-23 11:44]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]

{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\GoogleAFE\GoogleAE.dll [2005-12-08 16:00]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]

"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 11:47]

"MBMon"="CTMBHA.DLL" [2005-05-19 10:54 C:\WINDOWS\system32\CTMBHA.DLL]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsHistory"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"{2363ECFC-4E5D-2f3b-B384-D67432FC72F6}"="blank" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher]

C:\Program Files\Ad Muncher\AdMunch.exe /bt

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

C:\Program Files\AGEIA Technologies\TrayIcon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

"C:\Program Files\DellSupport\DSAgnt.exe" /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1137713107\ee\AOLSoftware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver AutoDB]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loaddr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]

C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvVideoCenter]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

MIDIDef.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]

"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"AOL ACS"=2 (0x2)

"AdobeActiveFileMonitor5.0"=2 (0x2)

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

AutoRun\command- E:\setup.exe

 

*Newly Created Service* - GTNDIS5

 

Contents of the 'Scheduled Tasks' folder

2007-06-19 20:02:21 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-06-09 15:18:08 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Andrew F.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-19 16:07:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-19 16:08:47 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-19 16:08

 

--- E O F ---

 

 

That's it

 

Here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:11, on 2007-06-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\clclean.0001

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137607460546

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Edited by andybigfoot2


Rescan with HJT, check these items:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

DO NOT check this item if you have set up a proxy server

 

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab

O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

Close all windows except HJT, then click 'fix checked'.

 

Next, go to Add/Remove Programs and uninstall

Viewpoint

ViewpointManager

***see this article:

A "potentially unwanted program." It is an application that displays contextual advertisements while searching the web.

http://vil.mcafeesecurity.com/vil/content/v_137262.htm

 

Now reboot your computer and update your Java... The version that is showing is old and vulnerable to attacks.

 

Please follow these steps to remove older version Java components and update.

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.
Reboot once again and download AVG Anti-Spyware:

 

Download and install AVG Anti-Spyware v7.5

(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware.)

  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

 

Scan with AVG Anti-Spyware as follows:

  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next reply along with a fresh HJT log.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

 

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.

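As an added example (not code from the thread or from HijackThis), a Python script that applies the triage reasoning in the post above to lines copied from the HJT log: orphaned "(file missing)" autostart entries, the Viewpoint PUP entries, an ActiveX control downloaded from a host outside an allowlist, and the R1 proxy entry with its caveat. The PUP vendor list and the trusted-host allowlist are assumptions, not values from the thread.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not code from the thread or from HijackThis. It encodes the
helper's reasoning above as rules: orphaned "(file missing)" entries, entries
of a known PUP vendor (Viewpoint, as flagged), ActiveX (O16 DPF) downloads
from hosts outside an assumed allowlist, and R1 proxy entries, which carry
the "keep it if you set up a proxy server" caveat.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the HJT log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137607460546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O21 - SSODL: SysTray.Exinv - {2363ECFC-4E5D-2f3b-B384-D67432FC72F6} - blank (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Assumed policy lists (not from the thread); extend them for your own environment.
PUP_VENDORS = ("viewpoint",)                   # the vendor the helper told the poster to remove
TRUSTED_DPF_HOSTS = ("update.microsoft.com",)  # hosts whose ActiveX controls are accepted

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n"]*?\.(?:dll|exe|sys|ocx)', re.IGNORECASE)
# Sections whose entries are loaded at logon or by the shell/service manager.
AUTOSTART_SECTIONS = ("O4", "O20", "O21", "O23")


@dataclass
class HjtEntry:
    section: str            # "O2", "O16", "R1", ...
    body: str               # everything after "Oxx - "
    clsid: Optional[str]
    url: Optional[str]
    path: Optional[str]
    file_missing: bool


@dataclass
class Finding:
    entry: HjtEntry
    reason: str
    action: str             # "fix": safe to remove; "review": needs a human decision


def _first(regex: re.Pattern, text: str) -> Optional[str]:
    m = regex.search(text)
    return m.group(0) if m else None


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Split one HJT line into its section code and the fields triage looks at."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None         # header, process list or blank line, not an entry
    section, body = m.group(1), m.group(2)
    return HjtEntry(section, body, _first(CLSID_RE, body), _first(URL_RE, body),
                    _first(PATH_RE, body), "(file missing)" in body.lower())


def triage(log_text: str, pup_vendors=PUP_VENDORS, trusted_hosts=TRUSTED_DPF_HOSTS) -> List[Finding]:
    """Apply the rules to every entry of an HJT log and return what to act on."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        e = parse_hjt_line(raw)
        if e is None:
            continue
        lowered = e.body.lower()
        if e.file_missing and e.section in AUTOSTART_SECTIONS:
            # An autostart entry whose target no longer exists is an orphan;
            # removing it loses nothing and closes a slot malware could reuse.
            findings.append(Finding(e, "references a missing file", "fix"))
        elif any(v in lowered for v in pup_vendors):
            findings.append(Finding(e, "belongs to a known PUP vendor", "fix"))
        elif e.section == "O16" and e.url:
            # Downloaded ActiveX controls run with the browser's privileges;
            # anything fetched from an unlisted host deserves a look before it stays.
            host = urlparse(e.url).hostname or ""
            if host not in trusted_hosts:
                findings.append(Finding(e, f"ActiveX control from unlisted host {host}", "review"))
        elif e.section == "R1" and "proxy" in lowered:
            # Mirrors the caveat in the thread: remove only if no proxy is in use.
            findings.append(Finding(e, "proxy setting; keep it if you configured a proxy server", "review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action}] {f.entry.section}: {f.reason}\n    {f.entry.body}")
```

Run it against a full HJT log by passing the file's text to `triage()`; the "review" findings are the ones that still need a human decision before anything is fixed.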

It could be whatever this is... C:\Program Files\server_AV Devil.exe

Do you know what it is? There is no information on Google about it.

 

Please continue with my instructions...


Yeah, that was on my computer. I think I deleted it.

Wait, never mind, it's back...

And there is no AVG Anti-Spyware in the services list; I installed AVG Anti-Virus.

Never mind... I installed AVG Anti-Spyware also now.

Edited by andybigfoot2


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:43:21 AM 06/20/07

+ Scan result:

C:\Program Files\Stuff\Total_Video_Converter_3.02\Total Video Converter 3.02\Crack\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\Program Files\server_AV Devil.exe -> Dropper.VB.on : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP825\A0426186.exe -> Dropper.VB.on : Cleaned.
C:\Documents and Settings\Andrew F\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-25df0b80-2c8353ef.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.40:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@4.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.129:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.130:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.131:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.134:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.46:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.47:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.137:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.14:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.15:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.16:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.17:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.18:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.68:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.69:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.80:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.81:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.82:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.83:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.84:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.32:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.33:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.34:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.92:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.94:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.99:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.124:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.112:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.113:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.114:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end


I did another scan in normal boot mode and this came up.

 

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:04:03 AM 06/20/07

+ Scan result:

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP836\A0427566.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP836\A0427567.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP836\A0427565.exe -> Dropper.VB.on : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.

::Report end

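The two AVG Anti-Spyware reports above are mostly tracking-cookie noise; the entries that matter are the three executables flagged as Backdoor.Bifrose and Dropper.VB, and the copies of them under System Volume Information, which are System Restore snapshots that will come back if an old restore point is ever applied. The following script is an added example, not code from this thread or from AVG, that parses a report in the format posted here and separates malware hits from cookies. The sample report embedded in it is constructed to mirror the posted lines, and the mapping of detection-name prefixes to severity (Backdoor/Dropper/Trojan high, TrackingCookie low, everything else medium) is an assumption of this example, not an AVG classification.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the AVG Anti-Spyware 7.5 report layout, modelled on
# the reports posted in this thread. It is not a real scan output.
SAMPLE_REPORT = r"""---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 01:43:21 AM 06/20/07

+ Scan result:

C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.
C:\Program Files\server_AV Devil.exe -> Dropper.VB.on : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP825\A0426186.exe -> Dropper.VB.on : Cleaned.
C:\Documents and Settings\Andrew F\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-25df0b80-2c8353ef.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\Andrew F\Cookies\andrew_f@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Andrew F\Application Data\Mozilla\Firefox\Profiles\9n9bchd6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

::Report end
"""

# One detection line: "<path> -> <detection name> : <action>."
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>[^.]+)\.$")

# Assumed severity mapping for this example. The family is the text before the
# first dot of the detection name (Backdoor.Bifrose.aas -> "Backdoor"). Unknown
# families land in "medium" so they are still read rather than binned as noise.
HIGH_FAMILIES = {"Backdoor", "Dropper", "Trojan", "Worm", "Rootkit"}
LOW_FAMILIES = {"TrackingCookie"}

# System Restore keeps its own copies of files; a hit here is a snapshot of a
# file that was infected elsewhere and will return if that restore point is used.
RESTORE_POINT_MARKER = r"\System Volume Information\_restore"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    action: str

    @property
    def family(self) -> str:
        return self.name.split(".", 1)[0]

    @property
    def severity(self) -> str:
        if self.family in HIGH_FAMILIES:
            return "high"
        if self.family in LOW_FAMILIES:
            return "low"
        return "medium"

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_POINT_MARKER.lower() in self.path.lower()


def parse_report(text: str) -> list[Detection]:
    """Extract every detection line from an AVG Anti-Spyware scan report."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["action"].strip()))
    return found


def triage(text: str) -> dict:
    """Separate malware hits from cookie noise and flag restore-point copies."""
    dets = parse_report(text)
    by_sev = {"high": [], "medium": [], "low": []}
    for d in dets:
        by_sev[d.severity].append(d)
    return {
        "total": len(dets),
        "high": [d.path for d in by_sev["high"]],
        "medium": [d.path for d in by_sev["medium"]],
        "low_count": len(by_sev["low"]),
        "restore_point_hits": [d.path for d in dets if d.in_restore_point],
        # Anything not "Cleaned" (e.g. "No action taken" when the report was
        # saved before "Apply all actions") means the scan has to be redone.
        "not_cleaned": [d.path for d in dets if d.action != "Cleaned"],
        "families": dict(Counter(d.family for d in dets)),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['total']} detections, {summary['low_count']} tracking cookies")
    for sev in ("high", "medium"):
        for path in summary[sev]:
            print(f"[{sev.upper():6}] {path}")
    for path in summary["restore_point_hits"]:
        print(f"[RESTORE] {path}")
```

Feed it a saved Report-Scan-*.txt instead of the embedded sample and the output is the short list a helper actually needs to read: the executables, where they came from, and whether System Restore still holds a copy.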

Download ATF Cleaner http://www.atribune.org/content/view/19/2/

Click "Main" > check "Select All" this first time using it, then click "Empty Selected". Do the same for Firefox or Opera if you use either of those browsers.

Then go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Please post another ComboFix and HJT log.


ComboFix 07-06-18.2 - C:\Program Files\Stuff\ComboFix.exe
"Andrew F" - 2007-06-20 10:56:00 - Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 00:28 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-19 21:00 <DIR> d-------- C:\Program Files\AutoCAD 2008
2007-06-19 21:00 <DIR> d-------- C:\DOCUME~1\ANDREW~1\APPLIC~1\Autodesk
2007-06-19 21:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-06-19 20:59 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-06-19 20:59 <DIR> d-------- C:\Program Files\Autodesk
2007-06-19 20:27 <DIR> d-------- C:\Program Files\PowerISO
2007-06-19 15:55 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-19 15:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
2007-06-05 00:23 421,044 --ahs---- C:\WINDOWS\system32\klog.dat
2007-06-05 00:23 22,040 --a------ C:\DOCUME~1\ANDREW~1\APPLIC~1\addon.dat
2007-06-05 00:23 1,248,363 --a------ C:\WINDOWS\system32\svhost.exe
2007-06-04 18:10 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2007-06-04 17:42 120,320 --a------ C:\WINDOWS\system32\drivers\SSHDRV65.sys
2007-06-03 23:54 132,429 --a------ C:\WINDOWS\unstall.exe
2007-06-03 01:56 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-06-03 01:56 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-06-03 01:56 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-06-03 01:56 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-06-03 01:56 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-06-03 01:56 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-06-03 01:55 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-06-03 01:55 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-06-03 01:55 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-06-03 01:55 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-06-03 01:55 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-05-30 18:05 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2007-05-30 18:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-05-28 01:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BetZip

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 06:13:14 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-20 05:38:44 -------- d-----w C:\Program Files\Total Video Converter
2007-06-20 01:25:37 -------- d-----w C:\Program Files\Stuff
2007-06-20 00:54:56 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\uTorrent
2007-06-19 23:09:37 -------- d-----w C:\Program Files\MSECACHE
2007-06-19 22:45:54 -------- d-----w C:\Program Files\Viewpoint
2007-06-19 21:31:45 -------- d-----w C:\Program Files\CureROM
2007-06-19 18:35:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-19 18:35:28 -------- d-----w C:\Program Files\games
2007-06-19 18:26:35 -------- d-----w C:\Program Files\Steam
2007-06-05 05:01:07 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-02 18:18:34 -------- d-----w C:\Program Files\AIM6
2007-05-28 05:14:09 -------- d-----w C:\Program Files\BetZip
2007-05-17 23:16:45 -------- d-----w C:\DOCUME~1\ANDREW~1\APPLIC~1\WinRAR
2007-05-17 22:31:57 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-06 05:49:21 -------- d--h--r C:\DOCUME~1\ANDREW~1\APPLIC~1\SecuROM
2007-05-05 18:52:40 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-05 15:55:04 -------- d-----w C:\Program Files\Bonjour
2007-05-05 15:43:24 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 06:39:10 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-22 06:39:09 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-22 06:39:09 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-19 17:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-04-19 17:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-04-19 17:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-04-19 17:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-04-19 17:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-04-19 17:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2007-04-19 17:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-04-19 17:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-04-19 17:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-04-19 17:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 17:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-04-19 17:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-04-19 17:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-04-19 17:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-04-19 17:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 17:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-04-19 17:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-04-19 17:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-04-19 17:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-04-19 17:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 17:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-04-19 17:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-04-19 17:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-04-19 17:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-04-19 17:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-04-19 17:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-04-19 17:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-04-19 17:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-04-19 17:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-04-19 17:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:29:41 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-01 03:17:19 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-25 19:34:16 200 ----a-w C:\WINDOWS\AUDC70UI.dat
2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-01-18 04:58:43 56 --sh--r C:\WINDOWS\system32\0C9A8A2A4D.sys
2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2007-01-18 04:58:43 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 21:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 06:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2006-02-05 01:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\Program Files\GoogleAFE\GoogleAE.dll [2005-12-08 16:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 11:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 10:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad Muncher]
C:\Program Files\Ad Muncher\AdMunch.exe /bt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137713107\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver AutoDB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loaddr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvVideoCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RapidCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"AOL ACS"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-06-20 05:52:22 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-09 15:18:08 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Andrew F.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 11:01:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-20 11:03:06
C:\ComboFix-quarantined-files.txt ... 2007-06-20 11:02
C:\ComboFix2.txt ... 2007-06-19 16:08

--- E O F ---

 

 

Logfile of HijackThis v1.99.1
Scan saved at 10:53:54 AM, on 06/20/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137607460546

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

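Reading a HijackThis log like the one above by hand means scanning a few dozen lines for the handful that matter. The script below is an added example written for this page, not a tool from the thread or from HijackThis itself: it parses the v1.99.1 layout (a "Running processes:" block followed by R/F/N/O entries) and flags the items a helper looks at first: processes running from a Temp directory or without an .exe image name, entries marked "(file missing)", Winsock LSP DLLs (O10), Winlogon Notify DLLs (O20), unnamed BHOs (O2) and Run entries that load a DLL through rundll32 by bare name (resolved through the DLL search path). The sample log is a constructed excerpt modelled on the posted log. These are triage heuristics: in this log the Bonjour LSP and WgaLogon are legitimate, and the script flags them because of what those hook points can do, not because they are malicious, so every finding still needs a manual check of the file and its publisher.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99.1 format, modelled on the log posted
# above. It is a short excerpt written for this example, not the full log.
SAMPLE_HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

# An HJT entry line starts with its section code, e.g. "O23 - ".
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - ")
# Directory fragments that mean "this image lives in a scratch location".
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# O4 Run entry whose command is rundll32 followed by the DLL argument
# (everything up to the first space or comma).
RUNDLL_RE = re.compile(r'^O4 - .*?: \[[^\]]*\] +"?rundll32(?:\.exe)?"? +([^ ,]+)', re.I)


def parse_hjt(text):
    """Split an HJT log into (running process paths, section entries)."""
    procs, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            procs.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return procs, entries


def triage(text):
    """Return (category, line) pairs for items that deserve a second look."""
    procs, entries = parse_hjt(text)
    findings = []
    for p in procs:
        low = p.lower()
        if any(m in low for m in TEMP_MARKERS):
            findings.append(("process-from-temp", p))
        if not low.endswith(".exe"):
            findings.append(("non-exe-image", p))
    for e in entries:
        low = e.lower()
        if "(file missing)" in low:
            # Registration points at a file that is gone: stale or cleaned up,
            # but the entry cannot be inspected and should be removed.
            findings.append(("file-missing", e))
        if e.startswith("O10 "):
            findings.append(("winsock-lsp", e))       # sees all socket traffic
        elif e.startswith("O20 "):
            findings.append(("winlogon-notify", e))   # loaded by winlogon at boot
        elif e.startswith("O2 ") and "(no name)" in low:
            findings.append(("unnamed-bho", e))       # BHO with no registered name
        elif e.startswith("O4 "):
            m = RUNDLL_RE.match(e)
            if m and "\\" not in m.group(1):
                # DLL given without a path: resolved via DLL search order.
                findings.append(("rundll32-bare-dll", e))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(cat for cat, _ in findings))


if __name__ == "__main__":
    for cat, line in triage(SAMPLE_HJT_LOG):
        print(f"{cat:20s} {line}")
```

Run it against a saved hijackthis.log by reading the file into `triage()`; the KernelFaultCheck entry in the sample is deliberately left unflagged, since dumprep with a full path is not the pattern the rundll32 check is looking for.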

Your HJT log looks okay.

 

Please disconnect from the net....

 

Disable Windows Defender, as it might try to interfere:

Open Windows Defender

Tools

General Settings

Scroll down to "Realtime Protection Settings" and uncheck

 

Go to control panel > Add/Remove Programs and uninstall:

Total Video Converter

 

Reboot into safe mode

Restart the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Show Hidden Files and Folders

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

 

Using Windows Explorer, navigate to and delete:

 

C:\WINDOWS\system32\sfsync02.dll <--file

 

C:\Program Files\Total Video Converter <--folder

 

Re-hide 'hidden files and folders'.

 

Reboot normally and let me know how things are going


According to these items,

C:\Program Files\Stuff\Total_Video_Converter_3.02\Total Video Converter 3.02\Crack\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.

C:\Program Files\Total Video Converter\Patch.exe -> Backdoor.Bifrose.aas : Cleaned.

 

Is this a program you paid for?


I didn't think so. You see... when you ask for help to clean an infected computer, you can either waste my time by not following my instructions... or you can follow through, get your computer cleaned for free and stay away from cracks that WILL infect you.

 

You should take a look at what came with the program:

http://en.wikipedia.org/wiki/Bifrose_(trojan_horse)

 

Bifrose is a stealthy backdoor that allows remote access to the infected machine. It is usually installed on the system by a trojan dropper.

 

 

After the installation, Bifrose tries to locate a running web browser and inject code into it. The injected code is the actual backdoor. The backdoor starts to communicate with the server part using specially crafted HTTP queries. The server can instruct the backdoor to execute the following actions:

 

 

Basic file operations (copy, delete, rename, find, execute)

Download/upload files

Process operations (list, kill)

Registry operations (create/delete keys/values)

Create screenshots of the desktop

Your computer has been compromised.


YES!!!

Does this mean you're all through with my free help?

 

We could finish this up so you won't be a source of infection to other computers ... and possibly take care of your own.


Let's continue then....

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

1. Double-click the drweb-cureit.exe file and allow it to run the express scan.

2. This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.

3. Once the short scan has finished, mark the drives that you want to scan.

4. Select all drives. A red dot shows which drives have been chosen.

5. Click the green arrow at the right, and the scan will start.

6. Click 'Yes to all' if it asks if you want to cure/move the file.

7. When the scan has finished, in the menu, click File and choose Save report list.

8. Save the report to your desktop. The report will be called DrWeb.csv.

9. Close Dr.Web CureIt.

10. Reboot your computer. It could be possible that files in use will be moved/deleted during reboot.

11. After reboot, post the contents of the log from Dr.Web you saved previously and a new HJT log in your next reply.


Logfile of HijackThis v1.99.1

Scan saved at 04:01:15 AM, on 06/22/07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\clclean.0001

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.break.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137607460546

O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

 

 

DrWeb log:

 

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;;

 

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Probably BACKDOOR.Trojan;;

 

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131;Probably BACKDOOR.Trojan;;

 

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;;

 

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;;

 

3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;

 

Process.exe;C:\Documents and Settings\Andrew F\Desktop\Security\SmitfraudFix\SmitfraudFix;Tool.Prockill;;

 

restart.exe;C:\Documents and Settings\Andrew F\Desktop\Security\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;;

 

qdiagd.ocx;C:\Program Files\DellSupport;Probably DLOADER.Trojan;;

 

A0431758.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP839;Trojan.Click.1487;Deleted.;

 

Process.exe;C:\WINDOWS\system32;Tool.Prockill;;


Did you follow this part of the instructions when running Dr. Web?

6. Click 'Yes to all' if it asks if you want to cure/move the file

 

Close down Windows Defender

Rescan and be sure to click 'yes' to all. All of those items should have been either moved or deleted.

Reboot

Please post another log from Dr.Web

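The helper's point in the exchange above is that a Dr.Web report line with an empty fourth field means the scanner detected the file but did nothing with it; the second report shows the same files with "Incurable.Moved." once 'Yes to all' was clicked. The parser below is an added example for this page, not part of the thread or of Dr.Web CureIt: it reads the semicolon-separated report format shown in the two posts (name;directory;detection;action;), lists the detections that were left untreated, groups the rest by the action taken, and separates Dr.Web's "Probably ..." heuristic names and "Tool." class (utilities it reports as potentially dangerous rather than as malware proper, which is how the SmitfraudFix components ended up in the report) from plain signature hits. The sample report is constructed from a few lines modelled on the posted ones.

```python
from collections import defaultdict

# Constructed sample in the format of a saved Dr.Web CureIt report
# (name;directory;detection;action;), modelled on the two reports posted
# above. Written for this example; it is not either report in full.
SAMPLE_REPORT = r"""inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;;
3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
qdiagd.ocx;C:\Program Files\DellSupport;Probably DLOADER.Trojan;Incurable.Moved.;
"""


def parse_drweb_report(text):
    """Parse report lines into dicts with name, directory, detection, action, path."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            continue                      # not a report line
        name, directory, detection, action = (f.strip() for f in fields[:4])
        rows.append({
            "name": name,
            "directory": directory,
            "detection": detection,
            "action": action,             # empty when the scanner took no action
            "path": directory.rstrip("\\") + "\\" + name,
        })
    return rows


def untreated(rows):
    """Detections with an empty action field: nothing was cured, moved or deleted."""
    return [r for r in rows if not r["action"]]


def group_by_action(rows):
    """Map each action string (or '(none)') to the full paths it was applied to."""
    by_action = defaultdict(list)
    for r in rows:
        by_action[r["action"] or "(none)"].append(r["path"])
    return dict(by_action)


def classify(detection):
    """Distinguish Dr.Web's heuristic and tool names from signature detections."""
    if detection.startswith("Probably "):
        return "heuristic"
    if detection.startswith("Tool."):
        return "tool"
    return "signature"


if __name__ == "__main__":
    rows = parse_drweb_report(SAMPLE_REPORT)
    for r in untreated(rows):
        print(f"UNTREATED [{classify(r['detection'])}] {r['path']} -> {r['detection']}")
    for action, paths in group_by_action(rows).items():
        print(f"{action}: {len(paths)} file(s)")
```

Feed it the saved DrWeb.csv from the desktop; an empty "UNTREATED" list is the state the helper was asking the poster to reach before the next log.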

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Incurable.Moved.;

 

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024;Probably BACKDOOR.Trojan;Incurable.Moved.;

 

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131;Probably BACKDOOR.Trojan;Incurable.Moved.;

 

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;Incurable.Moved.;

 

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;Incurable.Moved.;

 

Process.exe;C:\Documents and Settings\Andrew F\Desktop\Security\SmitfraudFix\SmitfraudFix;Tool.Prockill;Incurable.Moved.;

 

restart.exe;C:\Documents and Settings\Andrew F\Desktop\Security\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;

 

qdiagd.ocx;C:\Program Files\DellSupport;Probably DLOADER.Trojan;Incurable.Moved.;

 

Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
