WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help With Hijack Logfile. Thanks!

Started by jimmya , Jun 01 2007 08:51 AM

Please log in to reply

27 replies to this topic

#1 jimmya

New Member

Authentic Member
13 posts

Posted 01 June 2007 - 08:51 AM

here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:41:38 AM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\RECYCLER\msnupdate.exe
C:\RECYCLER\msnservice.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
c:\program files\common files\aol\1161812728\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1161812728\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1161812728\ee\aolsoftware.exe
c:\program files\common files\aol\1161812728\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\DOCUME~1\JIMMYA~1\LOCALS~1\Temp\Rar$EX01.844\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061020
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scottrade.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061020
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update Services] C:\RECYCLER\winupdate32.exe
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\msnupdate.exe
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [System Sentry] "C:\DOCUME~1\JIMMYA~1\Desktop\Protect.exe" protect
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171....638189OneCC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Advertisements

Register to Remove

#2 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 01 June 2007 - 03:41 PM

Howdy jimmya, Welcome to Tom Coyote. I will be reviewing your log and will post back once that is completed.

#3 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 01 June 2007 - 04:35 PM

Some serious enough infection showing here, so let's get right to repairs.

As it may interfere with those, disable SpySweeper and keep it disabled until all repairs are complete.

1.) Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
2.) Over to the left click "shields" and uncheck all there.
3.) Uncheck "home page shield".
4.) Uncheck "automatically restore default without notification".
5.) Exit the program.

Then download SDFix.exe and save it to your desktop.

===================================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

In Safe Mode, click the SDFix.exe and allow it to extract to it's own folder. Open the extracted folder and double click RunThis.bat to start the script.

Next type Y to begin the script. Once the fix has run it will prompt you to restart your computer. Press any key to restart at this time. Your system will take longer that normal to restart as the fixtool will be running and removing files.

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Then open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back here.

==================================

After the reboot download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

---------------------------------

Run a new HijackThis scan, and post that back here along with the SDFix Report.txt and the combofix.txt please.

#4 jimmya

New Member

Authentic Member
13 posts

Posted 01 June 2007 - 06:31 PM

thanks so much for the quick reply and my comp. is working a million times faster already! here are the log reports from the combofix , sdfix and also the new hijack list. just one quick question is there any private info divulged form my system on all these reports. thanks again in advance! :wavey:

Logfile of HijackThis v1.99.1
Scan saved at 8:25:03 PM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\RECYCLER\msnupdate.exe
C:\RECYCLER\msnservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1161812728\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1161812728\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1161812728\ee\aolsoftware.exe
c:\program files\common files\aol\1161812728\ee\AOLOpenRide.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JIMMYA~1\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scottrade.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061020
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update Services] C:\RECYCLER\winupdate32.exe
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\msnupdate.exe
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [System Sentry] "C:\DOCUME~1\JIMMYA~1\Desktop\Protect.exe" protect
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171....638189OneCC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

SDFix: Version 1.85

Run by Jimmya - Fri 06/01/2007 - 18:48:56.82

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\JIMMYA~1\Desktop\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\wr.txt - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1161812728\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1161812728\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\RECYCLER\\winupdate.exe"="C:\\RECYCLER\\winupdate.exe:*:Enabled:RSBX"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\JIMMYA~1\Desktop\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp

Finished

"JimmyA" - 2007-06-01 18:57:10 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Jimmya\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\Program Files\outlook\p.zip"
"C:\Temp\17O7\tmpTF.log"
"C:\Program Files\outlook"
"C:\Temp\17O7"
"C:\Temp\tn3"

((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))

2007-06-01 11:01 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-01 11:01 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-01 11:01 2,046,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-01 11:01 14,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-01 11:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-01 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-01 09:46 <DIR> d-------- C:\WINDOWS\Sysbckup
2007-06-01 09:39 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-06-01 09:39 16,736 --a------ C:\WINDOWS\irunin.dat
2007-06-01 09:39 <DIR> d-------- C:\Program Files\Easy Desk Utilities
2007-06-01 00:19 <DIR> d-------- C:\Program Files\RegCure
2007-05-31 22:19 58,880 --a------ C:\abc.exe
2007-05-31 15:00 28,672 --a------ C:\eaea.exe
2007-05-29 22:36 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Sony Setup
2007-05-27 14:09 28,672 --a------ C:\joae.exe
2007-05-27 13:53 28,672 --a------ C:\joe.exe
2007-05-27 13:51 28,672 --a------ C:\aabababab.exe
2007-05-27 13:36 28,672 --a------ C:\getme.exe
2007-05-27 13:33 51,712 --a------ C:\abca.exe
2007-05-27 13:28 28,672 --a------ C:\ararar.exe
2007-05-27 13:24 28,672 --a------ C:\aabababa.exe
2007-05-27 10:21 86 --a------ C:\SCMGC.bat
2007-05-27 10:21 86 --a------ C:\QOCLH.bat
2007-05-27 10:21 86 --a------ C:\PDFIH.bat
2007-05-27 10:21 86 --a------ C:\KCRLS.bat
2007-05-27 10:21 86 --a------ C:\HJPEE.bat
2007-05-27 10:21 86 --a------ C:\FMDHI.bat
2007-05-27 10:21 86 --a------ C:\CNBEG.bat
2007-05-27 10:19 49,664 --a------ C:\areara.exe
2007-05-27 10:01 49,664 --a------ C:\abababa.exe
2007-05-27 07:06 49,664 --a------ C:\aakrkak.exe
2007-05-27 06:57 49,664 --a------ C:\kakakak.exe
2007-05-27 06:24 49,664 --a------ C:\update.exe
2007-05-27 06:24 28,672 --a------ C:\aaaab.exe
2007-05-27 06:09 49,664 --a------ C:\ababab.exe
2007-05-26 14:42 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\SlySoft
2007-05-26 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-05-26 14:37 <DIR> d-------- C:\Program Files\SlySoft
2007-05-26 12:27 <DIR> d-------- C:\Program Files\Azureus
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Azureus
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-26 12:22 <DIR> d-------- C:\Program Files\Mythusoft
2007-05-22 14:27 <DIR> d-------- C:\Program Files\STOPzilla!
2007-05-22 14:27 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-05-22 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZILLAbar
2007-05-22 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-22 11:07 <DIR> d-------- C:\Program Files\McAfee
2007-05-22 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-05-22 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-20 13:26 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-20 13:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-20 13:18 <DIR> d-------- C:\KAV
2007-05-19 16:58 164 --a------ C:\install.dat
2007-05-19 16:57 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\GetRightToGo
2007-05-18 18:46 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-18 18:19 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-18 18:19 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Simply Super Software
2007-05-18 11:17 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-05-18 11:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-05-18 11:14 <DIR> d-------- C:\Program Files\SpeedItUpFree
2007-05-18 09:56 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-18 09:53 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Help
2007-05-18 03:27 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-05-16 01:06 <DIR> d-------- C:\Program Files\X-Cleaner
2007-05-15 17:38 <DIR> d--hs---- C:\Documents and Settings\JIMMYA~1\Complete
2007-05-15 17:38 <DIR> d--hs---- C:\DOCUME~1\JIMMYA~1\Complete
2007-05-15 17:38 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-15 17:38 <DIR> d-------- C:\Temp
2007-05-11 08:41 <DIR> d-------- C:\Program Files\Image-Line

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 22:40:35 -------- d-----w C:\Program Files\America Online 9.0
2007-05-30 21:09:07 -------- d-----w C:\Program Files\Sony
2007-05-30 02:34:50 -------- d-----w C:\Program Files\Sony Setup
2007-05-25 13:47:37 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-22 18:32:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 15:10:01 -------- d-----w C:\Program Files\BAE
2007-04-27 06:06:41 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-25 21:02:48 -------- d-----w C:\DOCUME~1\JIMMYA~1\APPLIC~1\acccore
2007-04-25 21:01:42 -------- d-----w C:\DOCUME~1\JIMMYA~1\APPLIC~1\AOL
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-03-28 19:33:08 152,469 ----a-w C:\WINDOWS\Wave@MP3 Uninstaller.exe
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangNL.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangFR.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangES.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangDE.dll
2007-03-19 17:57:46 102,400 ----a-w C:\WINDOWS\system32\CddbLangIT.dll
2007-03-19 17:57:44 77,824 ----a-w C:\WINDOWS\system32\CddbLangJA.dll
2007-03-19 17:57:44 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll
2007-03-19 17:57:44 655,360 ----a-w C:\WINDOWS\system32\CDDBControl.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-09 23:52:52 200,768 ----a-w C:\WINDOWS\system32\klogon.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"CTHelper"="CTHELPER.EXE" []
"HostManager"="C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-25 18:07]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 14:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Windows Update Services"="C:\RECYCLER\winupdate32.exe" []
"Windows Updater Services"="C:\RECYCLER\msnupdate.exe" [2007-05-27 14:18]
"MSN Services"="C:\RECYCLER\msnservice.exe" [2007-05-31 22:19]
"System Sentry"="C:\DOCUME~1\JIMMYA~1\Desktop\Protect.exe" [2006-10-05 12:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"SetDefaultMIDI"="MIDIDef.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"X-Cleaner Deluxe"="C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [2007-04-16 14:18]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-25 22:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

Contents of the 'Scheduled Tasks' folder
2007-05-30 12:24:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-01 22:51:18 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-01 04:19:35 C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 19:15:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-01 19:15:47
C:\ComboFix-quarantined-files.txt ... 2007-06-01 19:15

--- E O F ---

#5 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 02 June 2007 - 09:53 AM

Normally these logs rarely bring out any truly personally identifiable information, but if I did notice any I would either let you know, or ask a Moderator to edit that information out of the post, and inform you after. Good progress so far, but more to go here. You will want to have a copy of or access to the following steps, as you will need to do some without net access.

Open HijackThis, and choose None of the above, just start the program. Click Config – Misc Tools – Open process manager. From the list, click each of the following if it is present, and Kill Process. Close HijackThis.

C:\RECYCLER\msnupdate.exe
C:\RECYCLER\msnservice.exe

Download The Avenger from here to your Desktop and unzip it and save this for use later.

-------------------------------------

Download the trial version of AVG Anti-Spyware 7.5 from here and install it.

If you have an exisiting copy of Ewido (which this software replaces), agree to the uninstall notification and uninstall Ewido. Reboot after. Then click the AVG download file again to install the software. (If you have a paid version of Ewido installed, go here to follow the steps to upgrade that now.)

After installation, double-click the icon on your Desktop to launch AVG Anti-Spyware 7.5.

On the top of the main screen click Shield. Then click the word active to change it to inactive.

You will need to also update AVG Anti-Spyware 7.5 to the latest definition files. On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.

Now close AVG Anti-Spyware 7.5 (don't scan just yet).

-----------------------------------------

Now disconnect from net access. If you have cable/dsl, physically disconnect the modem.

----------------------------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\RECYCLER\\winupdate.exe"=-

Open Notepad and copy and paste the above text (inside the box, not including the CODE word) into the text file. Now go to File > Save As and call it fixer.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.

----------------------------------------

Copy all the text contained in the code box below by highlighting it and right clicking and selecting "Copy"

Files to delete:
C:\RECYCLER\winupdate32.exe
C:\RECYCLER\msnupdate.exe
C:\RECYCLER\msnservice.exe
C:\abc.exe
C:\eaea.exe
C:\joae.exe
C:\joe.exe
C:\aabababab.exe
C:\getme.exe
C:\abca.exe
C:\ararar.exe
C:\aabababa.exe
C:\SCMGC.bat
C:\QOCLH.bat
C:\PDFIH.bat
C:\KCRLS.bat
C:\HJPEE.bat
C:\FMDHI.bat
C:\CNBEG.bat
C:\areara.exe
C:\abababa.exe
C:\aakrkak.exe
C:\kakakak.exe
C:\update.exe
C:\aaaab.exe
C:\ababab.exe

Now, start The Avenger program by clicking on its icon on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, rightclick and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

The Avenger will restart your computer. (if the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)

When you have rebooted, a black command window briefly opens on your desktop, this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:\avenger.txt. The deleted files will be backed up and saved to C:\avenger\backup.zip.

=================================================

Once your computer has fully rebooted, reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Make sure all windows are closed and run AVG Anti-Spyware 7.5. Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.

Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.

=============================

Now re-establish your net access/reconnect your modem.

Run new ComboFix, HijackThis and Silent Runners scans and post those logs back here, along with the C:\avenger.txt log and the AVG log please.

I would like to check on some of the files removed now as well. When responding here, look at the bottom right of the reply text box and you will see a "Manage Current Attachments" window. Just click the Browse button, and on your system locate and select the following file.

C:\avenger\backup.zip

Then click the UPLOAD button to attach the file with your next reply.

#6 jimmya

New Member

Authentic Member
13 posts

Posted 05 June 2007 - 01:30 PM

ok my comp has begun to freeze again my kaspersky is tpicking up win32 trojan no matter how many times i delete it. i tried to run silent runners on my comp. and it says i need to start sme kind of windows management so i just have the new hijack this log and the combofix log. one more thing i found tkbelle on a hijackthis log before this and deleted it as i believe this is also a virus. thanks for your continued help, im in a tough spot here. :scratch:

latest combofix log

((((((((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 ))))))))))))))))))))))))))))))))))

2007-06-04 11:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-02 12:46 82 --a------ C:\MIQNB.bat
2007-06-02 12:44 28,672 --a------ C:\ababa.exe
2007-06-01 19:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-01 11:01 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-01 11:01 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-01 11:01 51,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-01 11:01 3,569,696 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-01 11:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-01 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-01 09:46 <DIR> d-------- C:\WINDOWS\Sysbckup
2007-06-01 09:39 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-06-01 09:39 16,736 --a------ C:\WINDOWS\irunin.dat
2007-06-01 09:39 <DIR> d-------- C:\Program Files\Easy Desk Utilities
2007-06-01 00:19 <DIR> d-------- C:\Program Files\RegCure
2007-05-31 15:00 28,672 --a------ C:\eaea.exe
2007-05-29 22:36 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Sony Setup
2007-05-27 14:09 28,672 --a------ C:\joae.exe
2007-05-27 13:53 28,672 --a------ C:\joe.exe
2007-05-27 13:51 28,672 --a------ C:\aabababab.exe
2007-05-27 13:36 28,672 --a------ C:\getme.exe
2007-05-27 13:33 51,712 --a------ C:\abca.exe
2007-05-27 13:28 28,672 --a------ C:\ararar.exe
2007-05-27 13:24 28,672 --a------ C:\aabababa.exe
2007-05-27 10:21 86 --a------ C:\SCMGC.bat
2007-05-27 10:21 86 --a------ C:\QOCLH.bat
2007-05-27 10:21 86 --a------ C:\PDFIH.bat
2007-05-27 10:21 86 --a------ C:\KCRLS.bat
2007-05-27 10:21 86 --a------ C:\HJPEE.bat
2007-05-27 10:21 86 --a------ C:\FMDHI.bat
2007-05-27 10:21 86 --a------ C:\CNBEG.bat
2007-05-27 10:19 49,664 --a------ C:\areara.exe
2007-05-27 10:01 49,664 --a------ C:\abababa.exe
2007-05-27 07:06 49,664 --a------ C:\aakrkak.exe
2007-05-27 06:57 49,664 --a------ C:\kakakak.exe
2007-05-27 06:24 49,664 --a------ C:\update.exe
2007-05-27 06:24 28,672 --a------ C:\aaaab.exe
2007-05-27 06:09 49,664 --a------ C:\ababab.exe
2007-05-26 14:42 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\SlySoft
2007-05-26 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-05-26 14:37 <DIR> d-------- C:\Program Files\SlySoft
2007-05-26 12:27 <DIR> d-------- C:\Program Files\Azureus
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Azureus
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-26 12:22 <DIR> d-------- C:\Program Files\Mythusoft
2007-05-22 14:27 <DIR> d-------- C:\Program Files\STOPzilla!
2007-05-22 14:27 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-05-22 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZILLAbar
2007-05-22 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-22 11:07 <DIR> d-------- C:\Program Files\McAfee
2007-05-22 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-05-22 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-20 13:26 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-20 13:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-20 13:18 <DIR> d-------- C:\KAV
2007-05-19 16:58 164 --a------ C:\install.dat
2007-05-19 16:57 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\GetRightToGo
2007-05-18 18:46 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-18 18:19 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-18 18:19 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Simply Super Software
2007-05-18 11:17 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-05-18 11:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-05-18 11:14 <DIR> d-------- C:\Program Files\SpeedItUpFree
2007-05-18 09:56 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-18 09:53 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Help
2007-05-18 03:27 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-05-16 01:06 <DIR> d-------- C:\Program Files\X-Cleaner
2007-05-15 17:38 <DIR> d--hs---- C:\Documents and Settings\JIMMYA~1\Complete
2007-05-15 17:38 <DIR> d--hs---- C:\DOCUME~1\JIMMYA~1\Complete
2007-05-15 17:38 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-15 17:38 <DIR> d-------- C:\Temp
2007-05-11 08:41 <DIR> d-------- C:\Program Files\Image-Line

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 22:40:35 -------- d-----w C:\Program Files\America Online 9.0
2007-05-30 21:09:07 -------- d-----w C:\Program Files\Sony
2007-05-30 02:34:50 -------- d-----w C:\Program Files\Sony Setup
2007-05-25 13:47:37 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-22 18:32:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 15:10:01 -------- d-----w C:\Program Files\BAE
2007-04-27 06:06:41 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-25 21:02:48 -------- d-----w C:\DOCUME~1\JIMMYA~1\APPLIC~1\acccore
2007-04-25 21:01:42 -------- d-----w C:\DOCUME~1\JIMMYA~1\APPLIC~1\AOL
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-03-28 19:33:08 152,469 ----a-w C:\WINDOWS\Wave@MP3 Uninstaller.exe
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangNL.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangFR.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangES.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangDE.dll
2007-03-19 17:57:46 102,400 ----a-w C:\WINDOWS\system32\CddbLangIT.dll
2007-03-19 17:57:44 77,824 ----a-w C:\WINDOWS\system32\CddbLangJA.dll
2007-03-19 17:57:44 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll
2007-03-19 17:57:44 655,360 ----a-w C:\WINDOWS\system32\CDDBControl.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-09 23:52:52 200,768 ----a-w C:\WINDOWS\system32\klogon.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"CTHelper"="CTHELPER.EXE" []
"HostManager"="C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-25 18:07]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 14:25]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Windows Update Services"="C:\RECYCLER\winupdate32.exe" []
"Windows Updater Services"="C:\RECYCLER\msnupdate.exe" []
"System Sentry"="C:\DOCUME~1\JIMMYA~1\Desktop\Protect.exe" [2006-10-05 12:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"SetDefaultMIDI"="MIDIDef.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"X-Cleaner Deluxe"="C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [2007-04-16 14:18]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-25 22:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

Contents of the 'Scheduled Tasks' folder
2007-05-30 12:24:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-05 18:53:18 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-01 04:19:35 C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 15:07:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-06-05 15:08:36
C:\ComboFix-quarantined-files.txt ... 2007-06-05 15:08
C:\ComboFix2.txt ... 2007-06-01 19:15

--- E O F ---

latest hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 3:28:18 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
c:\program files\common files\aol\1161812728\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1161812728\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1161812728\ee\aolsoftware.exe
c:\program files\common files\aol\1161812728\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JIMMYA~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JIMMYA~1\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scottrade.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061020
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update Services] C:\RECYCLER\winupdate32.exe
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\msnupdate.exe
O4 - HKLM\..\Run: [System Sentry] "C:\DOCUME~1\JIMMYA~1\Desktop\Protect.exe" protect
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171....638189OneCC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

#7 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 05 June 2007 - 02:19 PM

Did you do any of the repair steps I posted?

#8 jimmya

New Member

Authentic Member
13 posts

Posted 05 June 2007 - 02:37 PM

yes i did everything exactly as you said just couldnt find the avenger log.but i followed everything exact as far as i know.

#9 jimmya

New Member

Authentic Member
13 posts

Posted 05 June 2007 - 02:40 PM

i see some programs also that i believed were removed like stopzilla , i am willing to remove any unneccesary programs that you might see running and slowing me down if you suggest. i just tried alot of things before i came here im afraid i made the problem worse with things like regcure . thanks for your help.

#10 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 05 June 2007 - 05:47 PM

Nothing shows as having been removed by Avenger - did you run into difficulties using it (error warnings etc.). No avenger.zip file I would reckon? No AVG log?

Advertisements

Register to Remove

#11 jimmya

New Member

Authentic Member
13 posts

Posted 05 June 2007 - 09:55 PM

ok i copied and pasted the list into avenger as you said above i dont think i did it correctly the first time . i recieved an error message that says "selected file does not appear to be a valid script" followed by an error code 0.

#12 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 06 June 2007 - 08:53 AM

What about the AVG scan and it's log? That Avenger error often occurs when either you failed to click in Avenger's text box before pasting the script, or copied the script incorrectly. Did the copy you made by accident include the "CODE" word (this is only the method the forum uses to create the text box)? The following is the script to copy and use.

Files to delete:
C:\RECYCLER\winupdate32.exe
C:\RECYCLER\msnupdate.exe
C:\RECYCLER\msnservice.exe
C:\abc.exe
C:\eaea.exe
C:\joae.exe
C:\joe.exe
C:\aabababab.exe
C:\getme.exe
C:\abca.exe
C:\ararar.exe
C:\aabababa.exe
C:\SCMGC.bat
C:\QOCLH.bat
C:\PDFIH.bat
C:\KCRLS.bat
C:\HJPEE.bat
C:\FMDHI.bat
C:\CNBEG.bat
C:\areara.exe
C:\abababa.exe
C:\aakrkak.exe
C:\kakakak.exe
C:\update.exe
C:\aaaab.exe
C:\ababab.exe

#13 jimmya

New Member

Authentic Member
13 posts

Posted 06 June 2007 - 09:08 AM

as far as avenger i dont understand what you mean by "code" word i just copied and pasted the list i dont see any code word. im sorry for being a bit of a noob here - this is probably where the mistake is i dont know what this code word is. this is what i followed

p.s. i ran a spysweep and its telling me i have ruin trojan and i have win32 trojan. this suuuuuuuuuuuuuuuuuuuuuuuuux! :rant2:

thanks again.
here is another latest hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 11:06:35 AM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
c:\program files\common files\aol\1161812728\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1161812728\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1161812728\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\DOCUME~1\JIMMYA~1\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scottrade.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061020
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Updater Services] C:\RECYCLER\msnupdate.exe
O4 - HKLM\..\Run: [System Sentry] "C:\DOCUME~1\JIMMYA~1\Desktop\Protect.exe" protect
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171....638189OneCC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

#14 Jintan

Advanced Member

Visiting Fellow
791 posts

Posted 07 June 2007 - 07:56 PM

Sorry for the delay. You are posting saying you are doing the steps, but in truth, at this end I am not seeing the results, or the logs requested. Going to be difficult making any progress this way. Let's see if we can give it another go, but it really is expected that you do the steps suggested, not add your own steps (like SpySweeper), and then post back the logs.

As it now may interfere with repairs, Disable SpySweeper and keep it disabled until all repairs are complete.

1.) Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
2.) Over to the left click "shields" and uncheck all there.
3.) Uncheck "home page shield".
4.) Uncheck "automatically restore default without notification".
5.) Exit the program.

Then open and update AVG AntiSpyware, but don't scan just yet. Even if you already did the scan as previously posted, since there has been no log to review let's repeat this now.

That last HijackThis log indicates some startups have been disabled through msconfig at some recent point. These will need to be allowed to start, so a proper cleaning can be done.

Go to Start - Run, type msconfig (and Enter).

Under both the Services and Startup tabs, click Enable All, then Apply/OK to close msconfig. Allow the reboot at this time. You can expect to receive alerts/error messages at reboot after this, but we will be addressing all this during the repairs.

================================================

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Make sure all windows are closed and run AVG Anti-Spyware 7.5. Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.

Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.

================================================

Then reboot to normal mode, and Download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually the C drive), and launch from there.

NOTE: Please do not run any other options from SmitfraudFix until we discuss the results.

Post back that rapport.txt, the AVG log, a new ComboFix log and a new HijackThis log if you would.

Edited by Jintan, 07 June 2007 - 07:58 PM.

#15 jimmya

New Member

Authentic Member
13 posts

Posted 09 June 2007 - 11:04 AM

ok first off i want to thank you for your continued understanding as you can see this is pretty new to me and i will follow word for word your replies to the best of my ability. I hope that the spysweep has been disabled correctly because i still see it in some logs!? here are all the logs you requested . also one other point that i have noticed i see my aol process always running multiple times is this normal , i would think that is wasting ram ?

combofix log =

2007-06-09 12:11:54 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Jimmy Aurora\Desktop\ANTI SPYWARE PROGRAMS\"

((((((((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 ))))))))))))))))))))))))))))))))))

2007-06-09 11:22 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-06-06 14:45 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-06 14:45 21,568 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-06 14:45 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-06 14:45 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-06-06 14:45 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-06-06 14:45 128,064 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-06 14:45 <DIR> d-------- C:\Program Files\Webroot
2007-06-06 14:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-06-06 14:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-06-06 14:41 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Webroot
2007-06-06 12:10 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-06 10:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-06 10:20 <DIR> d-------- C:\WINDOWS\pss
2007-06-05 23:51 <DIR> d-------- C:\Avenger
2007-06-04 11:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-02 12:46 82 --a------ C:\MIQNB.bat
2007-06-02 12:44 28,672 --a------ C:\ababa.exe
2007-06-01 19:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-01 11:01 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-01 11:01 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-01 11:01 5,910,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-01 11:01 144,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-01 11:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-01 11:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-01 09:46 <DIR> d-------- C:\WINDOWS\Sysbckup
2007-06-01 09:39 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-06-01 00:19 <DIR> d-------- C:\Program Files\RegCure
2007-05-31 15:00 28,672 --a------ C:\eaea.exe
2007-05-29 22:36 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Sony Setup
2007-05-27 14:09 28,672 --a------ C:\joae.exe
2007-05-27 13:53 28,672 --a------ C:\joe.exe
2007-05-27 13:51 28,672 --a------ C:\aabababab.exe
2007-05-27 13:36 28,672 --a------ C:\getme.exe
2007-05-27 13:33 51,712 --a------ C:\abca.exe
2007-05-27 13:28 28,672 --a------ C:\ararar.exe
2007-05-27 13:24 28,672 --a------ C:\aabababa.exe
2007-05-27 10:21 86 --a------ C:\SCMGC.bat
2007-05-27 10:21 86 --a------ C:\QOCLH.bat
2007-05-27 10:21 86 --a------ C:\PDFIH.bat
2007-05-27 10:21 86 --a------ C:\KCRLS.bat
2007-05-27 10:21 86 --a------ C:\HJPEE.bat
2007-05-27 10:21 86 --a------ C:\FMDHI.bat
2007-05-27 10:21 86 --a------ C:\CNBEG.bat
2007-05-27 10:19 49,664 --a------ C:\areara.exe
2007-05-27 10:01 49,664 --a------ C:\abababa.exe
2007-05-27 07:06 49,664 --a------ C:\aakrkak.exe
2007-05-27 06:57 49,664 --a------ C:\kakakak.exe
2007-05-27 06:24 49,664 --a------ C:\update.exe
2007-05-27 06:24 28,672 --a------ C:\aaaab.exe
2007-05-27 06:09 49,664 --a------ C:\ababab.exe
2007-05-26 14:42 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\SlySoft
2007-05-26 14:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-05-26 14:37 <DIR> d-------- C:\Program Files\SlySoft
2007-05-26 12:27 <DIR> d-------- C:\Program Files\Azureus
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Azureus
2007-05-26 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-26 12:22 <DIR> d-------- C:\Program Files\Mythusoft
2007-05-22 14:27 <DIR> d-------- C:\Program Files\STOPzilla!
2007-05-22 14:27 <DIR> d-------- C:\Program Files\Common Files\iS3
2007-05-22 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZILLAbar
2007-05-22 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-22 11:07 <DIR> d-------- C:\Program Files\McAfee
2007-05-22 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
2007-05-22 11:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-05-20 13:26 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-20 13:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-20 13:18 <DIR> d-------- C:\KAV
2007-05-19 16:58 164 --a------ C:\install.dat
2007-05-19 16:57 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\GetRightToGo
2007-05-18 18:46 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-18 18:19 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-18 18:19 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Simply Super Software
2007-05-18 11:17 <DIR> d-------- C:\Program Files\Wise Registry Cleaner
2007-05-18 11:14 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-05-18 11:14 <DIR> d-------- C:\Program Files\SpeedItUpFree
2007-05-18 09:56 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-18 09:53 <DIR> d-------- C:\DOCUME~1\JIMMYA~1\APPLIC~1\Help
2007-05-18 03:27 <DIR> d-------- C:\WINDOWS\system32\PAV
2007-05-16 01:06 <DIR> d-------- C:\Program Files\X-Cleaner
2007-05-15 17:38 <DIR> d--hs---- C:\Documents and Settings\JIMMYA~1\Complete
2007-05-15 17:38 <DIR> d--hs---- C:\DOCUME~1\JIMMYA~1\Complete
2007-05-15 17:38 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-15 17:38 <DIR> d-------- C:\Temp
2007-05-11 08:41 <DIR> d-------- C:\Program Files\Image-Line

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 22:40:35 -------- d-----w C:\Program Files\America Online 9.0
2007-05-30 21:09:07 -------- d-----w C:\Program Files\Sony
2007-05-30 02:34:50 -------- d-----w C:\Program Files\Sony Setup
2007-05-25 13:47:37 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-22 18:32:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 15:10:01 -------- d-----w C:\Program Files\BAE
2007-04-27 06:06:41 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-04-25 21:02:48 -------- d-----w C:\DOCUME~1\JIMMYA~1\APPLIC~1\acccore
2007-04-25 21:01:42 -------- d-----w C:\DOCUME~1\JIMMYA~1\APPLIC~1\AOL
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-13 17:30:43 33,592 ----a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-04-13 17:30:39 25,136 ----a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-03-28 19:33:08 152,469 ----a-w C:\WINDOWS\Wave@MP3 Uninstaller.exe
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangNL.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangFR.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangES.dll
2007-03-19 17:57:46 98,304 ----a-w C:\WINDOWS\system32\CddbLangDE.dll
2007-03-19 17:57:46 102,400 ----a-w C:\WINDOWS\system32\CddbLangIT.dll
2007-03-19 17:57:44 77,824 ----a-w C:\WINDOWS\system32\CddbLangJA.dll
2007-03-19 17:57:44 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll
2007-03-19 17:57:44 655,360 ----a-w C:\WINDOWS\system32\CDDBControl.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 16:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 16:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-09 23:52:52 200,768 ----a-w C:\WINDOWS\system32\klogon.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 08:15]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"CTHelper"="CTHELPER.EXE" []
"HostManager"="C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe" [2006-09-25 20:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 14:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-25 18:07]
"Windows Update Services"="C:\RECYCLER\winupdate32.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 22:29]
"SetDefaultMIDI"="MIDIDef.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-25 22:30]
"X-Cleaner Deluxe"="C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" [2007-04-16 14:18]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jimmy Aurora^Start Menu^Programs^Startup^AOL OpenRide.lnk]
path=C:\Documents and Settings\Jimmy Aurora\Start Menu\Programs\Startup\AOL OpenRide.lnk
backup=C:\WINDOWS\pss\AOL OpenRide.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - ATWPKT2

Contents of the 'Scheduled Tasks' folder
2007-06-06 12:24:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-09 15:25:47 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-08 21:00:06 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-07 15:19:56 C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 12:14:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

********************************************************************

Completion time: 2007-06-09 12:15:04
C:\ComboFix-quarantined-files.txt ... 2007-06-09 12:14
C:\ComboFix2.txt ... 2007-06-05 15:08
C:\ComboFix3.txt ... 2007-06-01 19:15

--- E O F ---

avg log = { i forgot to hit quarantine but these cookies always come back no matter how many times they have been quarantined, hope this doesnt screw up what we are trying to accomplish}
+ Created at: 12:10:53 PM 6/9/2007

+ Scan result:

C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@bizjournals.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jimmy Aurora\Cookies\jimmy aurora@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.

::Report end

smitfraudfix log =

SmitFraudFix v2.194

Scan done at 12:25:11.87, Sat 06/09/2007
Run from C:\Program Files\America Online 9.0\download\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jimmy Aurora

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jimmy Aurora\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JIMMYA~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

hijackthis log =

Logfile of HijackThis v1.99.1
Scan saved at 12:58:43 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\common files\aol\1161812728\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1161812728\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\1161812728\ee\aolsoftware.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\DOCUME~1\JIMMYA~1\LOCALS~1\Temp\Rar$EX41.172\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scottrade.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061020
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161812728\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Update Services] C:\RECYCLER\winupdate32.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [X-Cleaner Deluxe] "C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe" -turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171....638189OneCC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

Body Background

skin color theme