
Spyware Problems, Need Help


  • This topic is locked
12 replies to this topic

#1 Squall
New Member, 8 posts

Posted 12 June 2007 - 11:41 PM

Need a little help killing off some spyware. I've run Ad-Aware and Spybot and still can't seem to get it.

Logfile of HijackThis v1.99.1
Scan saved at 3:38:57 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ipmon.exe
C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {C22D4E62-D7FC-AD5E-D108-F9ADAEE073B7} - C:\WINDOWS\system32\een.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [gbgdotoh.exe] C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pjaiqa] C:\WINDOWS\system32\??sks\spool32.exe
O4 - HKCU\..\Run: [Sths] "C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe" -vt ndrv
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B7508D-07B2-468E-9D3B-B9F97F957DB9}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - C:\WINDOWS\SYSTEM32\winjyg32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#2 Scotty
Always Happy
Authentic Member, 3,634 posts

Posted 14 June 2007 - 01:28 PM

Hi! Welcome to the Tom Coyote forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
My posts to you will be checked by one of the Forum Admins, so my replies may take a little longer.
You too could train to help others- Join the Classroom


#3 Scotty
Always Happy
Authentic Member, 3,634 posts

Posted 14 June 2007 - 03:04 PM

Hi Squall

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
  • At the top of the main screen click Update.
  • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update AVG:
AVG manual updates

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
      • Click on Recommended actions, and set to Quarantine.
    • How to scan
      • Check all options.
    • Possibly unwanted software.
      • Check all options.
    • Reports
      • Check Automatically generate report after every scan.
      • Uncheck Only if threats were found.
    • What to scan
      • Check Scan every file.
  • Click on the Scan tab.
    • Click on Complete System Scan and the scan will begin.
    • When the scan has finished
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the Apply all Actions button.
Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Post back with the VundoFix.txt, the AVG log and a new HijackThis log.

#4 Squall
New Member, 8 posts

Posted 17 June 2007 - 01:47 AM

Done

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:37:23 PM 6/17/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:39:03 PM 6/17/2007

+ Scan result:

C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP605\A0112045.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP605\A0112046.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP607\A0112053.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP608\A0114075.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP608\A0114076.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP611\A0114104.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP611\A0114107.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP611\A0114108.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP614\A0114117.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP614\A0114122.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP614\A0114123.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP625\A0114275.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP625\A0114276.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP628\A0114369.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP628\A0114370.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP630\A0114378.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP630\A0114379.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP635\A0114997.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP635\A0114998.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP641\A0115042.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP641\A0115043.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP647\A0115421.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP647\A0115422.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP652\A0115677.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP653\A0115711.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP661\A0116986.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP661\A0116987.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\WіnSxS\arpa.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\een.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Tom\Desktop\the_sims_2_seasons_keygen.exe/crack.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP657\A0115881.exe/crack.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP657\A0115882.exe/crack.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Tom\Desktop\the_sims_2_seasons_keygen.exe/keygen.exe -> Downloader.LoadAdv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP657\A0115881.exe/keygen.exe -> Downloader.LoadAdv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP657\A0115882.exe/keygen.exe -> Downloader.LoadAdv : Cleaned with backup (quarantined).
C:\Documents and Settings\Tom\My Documents\Аdobe\taskmgr.exe~ -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\Documents and Settings\Tom\My Documents\Аdobe\taskmgr.exe -> Downloader.PurityScan.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP661\A0116959.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP661\A0116983.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP661\A0116958.exe -> Downloader.PurityScan.ej : Cleaned with backup (quarantined).
C:\Documents and Settings\Tom\Desktop\WinASO.Registry.Optimizer.v3.0.8.Incl.Keygen-ViRiLiTY.rar/KeyGen.rar/keygen.exe -> Logger.Hacko : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.179:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.194:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.59:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.645:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.646:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.17:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.18:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.193:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.19:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.211:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.212:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.213:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.214:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.152:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.57:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.66:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.67:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.67:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.68:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.6:C:\Documents and Settings\Brenton\Application Data\Mozilla\Firefox\Profiles\hnmwfio0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.70:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.7:C:\Documents and Settings\Brenton\Application Data\Mozilla\Firefox\Profiles\hnmwfio0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.154:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.81:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.82:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.767:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.79:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.80:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.81:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.82:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.83:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.84:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.8:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies-4.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies-5.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies-6.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies-7.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies-8.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.633:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.50:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Games\Application Data\Mozilla\Firefox\Profiles\dgoso32p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.637:C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profilesr510om3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.46:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\a2syq82s.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP641\A0115342.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP661\A0116976.exe -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winjyg32.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe -> Trojan.Obfuscated.gj : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP605\A0112049.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP608\A0114079.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP611\A0114111.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP614\A0114126.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP625\A0114279.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP628\A0114373.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP630\A0114382.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP635\A0115001.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP641\A0115046.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP647\A0115408.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP647\A0115429.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFD5A51C-E5A3-4A02-BF04-20CE621F066E}\RP660\A0116957.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wtssvsu.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:47:13 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\scchk32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {902C433F-82FC-F805-DD08-F9ADAEE321E1} - C:\WINDOWS\system32\iyl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C22D4E62-D7FC-AD5E-D108-F9ADAEE073B7} - C:\WINDOWS\system32\een.dll (file missing)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gbgdotoh.exe] C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sths] "C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe" -vt ndrv
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B7508D-07B2-468E-9D3B-B9F97F957DB9}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#5 Scotty

Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 17 June 2007 - 04:38 AM

Hi Squall

Download and run ComboFix. Note: Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

Download and run Sysclean
  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicr...ownload/dcs.asp and download sysclean package to the folder you made.
  • Go to http://www.trendmicr...oad/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
  • Open the sysclean-folder and double-click sysclean.com.
  • Check: "Automatically clean or delete detected files".
  • Click scan.
Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

Scan with HijackThis again and post the new log along with the Sysclean and Combofix logs, thanks.

#6 Squall

Squall

    New Member

  • New Member
  • 8 posts

Posted 17 June 2007 - 06:58 AM

All done,

Logfile of HijackThis v1.99.1
Scan saved at 10:58:38 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {902C433F-82FC-F805-DD08-F9ADAEE321E1} - C:\WINDOWS\system32\iyl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C22D4E62-D7FC-AD5E-D108-F9ADAEE073B7} - C:\WINDOWS\system32\een.dll (file missing)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gbgdotoh.exe] C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sths] "C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe" -vt ndrv
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B7508D-07B2-468E-9D3B-B9F97F957DB9}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2007-06-17, 21:59:16, Auto-clean mode specified.
2007-06-17, 21:59:16, Running scanner "C:\Documents and Settings\Tom\Desktop\Sysclean\TSC.BIN"...
2007-06-17, 21:59:27, Scanner "C:\Documents and Settings\Tom\Desktop\Sysclean\TSC.BIN" has finished running.
2007-06-17, 21:59:27, TSC Log:

Damage Cleanup Engine (DCE) 5.3(Build 1103)
Windows XP(Build 2600: Service Pack 2)

Start time : Sun Jun 17 2007 21:59:16

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Tom\Desktop\Sysclean\TMRDCT.ptn" (version ) [fail]
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Tom\Desktop\Sysclean\tsc.ptn" (version 870) [success]

Complete time : Sun Jun 17 2007 21:59:27
Execute pattern count(3095), Virus found count(0), Virus clean count(0), Clean failed count(0)

2007-06-17, 21:59:29, An error was detected on "C:\Documents and Settings\Tom\Application Data\??stem32\*.*": The filename, directory name, or volume label syntax is incorrect.
2007-06-17, 22:00:50, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2007-06-17, 22:50:30, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 6/17/2007 22:00:54
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 539 (199845 Patterns) (2007/06/16) (453900)
Command Line: C:\Documents and Settings\Tom\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Tom\Desktop\Sysclean

129720 files have been read.
129720 files have been checked.
99247 files have been scanned.
274360 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 6/17/2007 22:50:29
---------*---------*---------*---------*---------*---------*---------*---------*
2007-06-17, 22:50:30, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 6/17/2007 22:00:54
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 539 (199845 Patterns) (2007/06/16) (453900)
Command Line: C:\Documents and Settings\Tom\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Tom\Desktop\Sysclean

129720 files have been read.
129720 files have been checked.
99247 files have been scanned.
274360 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 6/17/2007 22:50:29 49 minutes 34 seconds (2974.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-06-17, 22:50:30, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 6/17/2007 22:00:54
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 539 (199845 Patterns) (2007/06/16) (453900)
Command Line: C:\Documents and Settings\Tom\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Tom\Desktop\Sysclean

129720 files have been read.
129720 files have been checked.
99247 files have been scanned.
274360 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 6/17/2007 22:50:29 49 minutes 34 seconds (2974.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-06-17, 22:50:30, Scanner "C:\Documents and Settings\Tom\Desktop\Sysclean\VSCANTM.BIN" has finished running.

ComboFix 07-06-13.3 - C:\Documents and Settings\Tom\Desktop\ComboFix.exe
"Tom" - 2007-06-17 21:44:10 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Tom\APPLIC~1.\appatc~1
C:\DOCUME~1\Tom\APPLIC~1.\crosof~1.net
C:\DOCUME~1\Tom\APPLIC~1.\dobe~1
C:\DOCUME~1\Tom\APPLIC~1.\fnts~1
C:\DOCUME~1\Tom\APPLIC~1.\icroso~1.net
C:\DOCUME~1\Tom\MYDOCU~1.\dobe~1
C:\DOCUME~1\Tom\MYDOCU~1.\ecurit~1
C:\DOCUME~1\Tom\MYDOCU~1.\pppatc~1
C:\DOCUME~1\Tom\MYDOCU~1.\racle~1
C:\DOCUME~1\Tom\MYDOCU~1.\sembly~1
C:\DOCUME~1\Tom\MYDOCU~1.\sstem~1
C:\DOCUME~1\Tom\MYDOCU~1.\ystem~1
C:\Program Files\appatc~1
C:\Program Files\asks~1
C:\Program Files\Common Files\{B4F0A~2
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\microsoft shared\web folders\ibm00003.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00004.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00005.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00006.dll
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\ymante~1
C:\Program Files\dobe~1
C:\Program Files\install.log
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sembly~1
C:\Program Files\smbols~1
C:\Program Files\stem~1
C:\Program Files\ystem~1
C:\WINDOWS\icroso~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\smante~1
C:\WINDOWS\sstem~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\wnsxs~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_COM+_MESSAGES


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-17 21:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 17:43 100,096 --a------ C:\mevqvvvb2.exe
2007-06-17 17:05 <DIR> d-------- C:\WINDOWS\system32\mevqvvvb
2007-06-17 16:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-17 16:37 <DIR> d-------- C:\VundoFix Backups
2007-06-17 16:32 651 --a------ C:\mevqvvvb1.exe
2007-06-16 23:06 662 --a------ C:\mevqvvvb3.exe
2007-06-16 22:04 286,720 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-16 20:31 <DIR> d-------- C:\DOCUME~1\Games\APPLIC~1\Talkback
2007-06-16 19:51 1,048,576 --ah----- C:\DOCUME~1\Games\NTUSER.DAT
2007-06-13 19:15 <DIR> d-------- C:\Program Files\Lionhead Studios
2007-06-11 17:30 75,625 --a------ C:\WINDOWS\War3Unin.dat
2007-06-11 17:30 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-06-11 17:30 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-06-11 14:29 <DIR> d-------- C:\Program Files\WinASO
2007-06-11 14:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-11 14:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-09 23:36 754,808 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-06-09 21:44 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-09 21:44 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-09 21:44 35,190 --a------ C:\WINDOWS\scunin.dat
2007-06-09 19:19 <DIR> d-------- C:\DOCUME~1\Guest\Contacts
2007-06-09 19:19 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Google
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 15:13 <DIR> d-------- C:\DOCUME~1\Tom\APPLIC~1\??stem32
2007-05-26 20:00 <DIR> d-------- C:\Program Files\Starcraft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 11:50:37 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-06-17 11:41:45 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-17 11:17:51 -------- d-----w C:\Program Files\Warcraft III
2007-06-17 07:52:05 -------- d-----w C:\Program Files\mIRC
2007-06-13 09:15:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-11 04:22:36 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 04:03:50 -------- d-----w C:\Program Files\SpywareBlaster
2007-06-10 12:59:06 1,187 ----a-w C:\WINDOWS\eReg.dat
2007-06-10 12:14:33 -------- d-----w C:\Program Files\EA GAMES
2007-06-03 11:56:56 -------- d-----w C:\Program Files\BitComet
2007-06-03 09:21:02 -------- d-----w C:\Program Files\THQ
2007-06-03 09:20:06 -------- d-----w C:\Program Files\Telltale Games
2007-06-03 09:17:30 -------- d-----w C:\Program Files\BF2G15Mod
2007-06-02 05:13:14 -------- d-----w C:\DOCUME~1\Tom\APPLIC~1\??stem32
2007-06-01 07:16:49 -------- d-----w C:\Program Files\City of Heroes
2007-06-01 07:10:12 -------- d-----w C:\Program Files\World of Warcraft
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:34:23 -------- d-----w C:\DOCUME~1\Tom\APPLIC~1\U3
2007-04-27 06:26:43 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 05:34:20 -------- d-----w C:\DOCUME~1\Tom\APPLIC~1\My Games
2007-04-22 05:33:40 163,644 ----a-w C:\WINDOWS\system32\drivers\SECDRV.SYS
2007-04-22 03:50:16 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-22 03:50:09 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-04-22 03:31:23 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-22 03:16:30 -------- d-----w C:\Program Files\Electronic Arts
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 05:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 03:16]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 15:19]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 00:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{902C433F-82FC-F805-DD08-F9ADAEE321E1}=C:\WINDOWS\system32\iyl.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 22:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-15 18:07]
{C22D4E62-D7FC-AD5E-D108-F9ADAEE073B7}=C:\WINDOWS\system32\een.dll []
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 10:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 08:42]
"PtiuPbmd"="ptipbm.dll" [2003-01-16 08:41 C:\WINDOWS\system32\ptipbm.dll]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2004-03-12 14:18]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 11:22 C:\WINDOWS\system32\nvmctray.dll]
"gbgdotoh.exe"="C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe" []
"ipmon"="ipmon.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 18:07]
"Sths"="C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 22:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyg32]
winjyg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
NtmlSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a44838d-d2b8-11db-97c3-000ea66bd1e6}]


Contents of the 'Scheduled Tasks' folder
2007-06-17 11:52:11 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 21:50:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 21:52:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 21:52

--- E O F ---

#7 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 17 June 2007 - 12:03 PM

Hi Squall

Please go to Jotti, click on Browse, and upload the following files for analysis:

C:\WINDOWS\system32\scchk32.exe
C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe
C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
C:\mevqvvvb1.exe.

Post the results back here.
You too could train to help others- Join the Classroom


#8 Squall

Squall

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 18 June 2007 - 04:03 AM

C:\WINDOWS\system32\scchk32.exe
Scan taken on 18 Jun 2007 09:49:48 (GMT)
  • A-Squared: Found nothing
  • AntiVir: Found TR/Crypt.XPACK.Gen
  • ArcaVir: Found nothing
  • Avast: Found nothing
  • AVG Antivirus: Found nothing
  • BitDefender: Found nothing
  • ClamAV: Found Trojan.Dropper-638
  • Dr.Web: Found nothing
  • F-Prot Antivirus: Found nothing
  • F-Secure Anti-Virus: Found nothing
  • Fortinet: Found nothing
  • Kaspersky Anti-Virus: Found nothing
  • NOD32: Found nothing
  • Norman Virus Control: Found nothing
  • Panda Antivirus: Found nothing
  • Rising Antivirus: Found Trojan.DL.Obfuscated.gs
  • VirusBuster: Found nothing
  • VBA32: Found nothing

C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

C:\mevqvvvb1.exe.
Scan taken on 18 Jun 2007 09:58:36 (GMT)
  • A-Squared: Found nothing
  • AntiVir: Found nothing
  • ArcaVir: Found nothing
  • Avast: Found nothing
  • AVG Antivirus: Found nothing
  • BitDefender: Found nothing
  • ClamAV: Found nothing
  • Dr.Web: Found nothing
  • F-Prot Antivirus: Found nothing
  • F-Secure Anti-Virus: Found nothing
  • Fortinet: Found nothing
  • Kaspersky Anti-Virus: Found nothing
  • NOD32: Found nothing
  • Norman Virus Control: Found nothing
  • Panda Antivirus: Found nothing
  • Rising Antivirus: Found nothing
  • VirusBuster: Found nothing
  • VBA32: Found nothing

That's what I got.

#9 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 18 June 2007 - 09:49 AM

Hi squall

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
O2 - BHO: (no name) - {902C433F-82FC-F805-DD08-F9ADAEE321E1} - C:\WINDOWS\system32\iyl.dll (file missing)
O2 - BHO: (no name) - {C22D4E62-D7FC-AD5E-D108-F9ADAEE073B7} - C:\WINDOWS\system32\een.dll (file missing)
O4 - HKLM\..\Run: [gbgdotoh.exe] C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKCU\..\Run: [Sths] "C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1\taskmgr.exe" -vt ndrv
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

Reboot into SAFE MODE by pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar);
you will be brought to a menu where you can choose to boot into safe mode.

If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

I have found that during boot up, right after the computer displays the equipment , memory, etc
installed on your computer, if you start lightly tapping the F8 key, the system will usually display the menu.

To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
    Now your computer is configured to show all hidden files.
Use Explorer to navigate to and delete the following files and/or folders (if they are present):

Files:
  • C:\Documents and Settings\All Users\Application Data\gbgdotoh.exe
  • C:\WINDOWS\nircmd.exe
  • C:\WINDOWS\system32\mevqvvvb
  • C:\mevqvvvb1.exe
  • C:\mevqvvvb2.exe
  • C:\mevqvvvb3.exe
  • C:\WINDOWS\system32\scchk32.exe
  • C:\WINDOWS\system32\drivers\AvgAsCln.sys
  • C:\WINDOWS\ScUnin.pif
  • C:\WINDOWS\ScUnin.exe
  • C:\WINDOWS\scunin.dat
  • C:\DOCUME~1\Tom\APPLIC~1\??stem32 <----------- probably system32, within the Application Data folder
  • C:\WINDOWS\system32\d3d9caps.dat

Folders:
  • C:\DOCUME~1\Tom\MYDOCU~1\DOBE~1 <--- look for a folder in My Documents beginning with DOBE


Using Windows search, attempt to locate and delete the following:
  • ipmon.exe

Reboot into Normal Mode then scan again with HijackThis and post the new log.
You too could train to help others- Join the Classroom


#10 Squall

Squall

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 19 June 2007 - 01:22 AM

did all steps

Logfile of HijackThis v1.99.1
Scan saved at 5:21:03 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B7508D-07B2-468E-9D3B-B9F97F957DB9}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#11 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 19 June 2007 - 06:35 AM

Hi squall

You could uninstall AVG Anti-Spyware now. Having it running alongside Adaware will possibly slow your pc down.

I would advise updating Adobe Reader, as the latest version clears up any vulnerabilities of previous versions.
First uninstall the version you have on your computer then download and install Adobe Reader 8.1.

This is my usual speech for when you are clean, which you appear to be.

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable
    and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine.
    This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware.
    You should also scan your computer with this program on a regular basis
    just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
You too could train to help others- Join the Classroom

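The six Custom Level changes in the post above are stored as DWORD action values under the Internet zone key (Zone 3) in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, with 0 meaning Enable, 1 Prompt and 3 Disable. The script below is an added example for this page, not code from the post or from Microsoft: it parses a `reg export` of that key, reports every one of the six settings that is weaker than the post recommends, and emits a .reg fragment that fixes only those. The action-ID mapping is the standard IE zone layout; the REG_EXPORT text is constructed to look like an export from a machine on which most of the settings are still at their permissive value, and the function names are the editor's.

```python
"""Audit the IE 'Internet' zone (Zone 3) against the Custom Level settings above.

Added example, not from the post. Action IDs 1001/1004/1201/1800/1804/1607
are the standard IE zone registry layout (0 = Enable, 1 = Prompt, 3 = Disable);
REG_EXPORT is constructed to resemble `reg export` output.
"""
import re

ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\3")

# Action ID -> (name as shown in the Custom Level dialog, recommended value)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Rank by how much each action restricts the browser.
STRICTNESS = {0: 0, 1: 1, 3: 2}

VALUE_RE = re.compile(r'^"(?P<id>\d{4})"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_zone_export(text: str) -> dict[str, int]:
    """Collect the four-digit action DWORDs that sit directly under the Zone 3 key."""
    values: dict[str, int] = {}
    in_zone = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_zone = line.strip("[]").lower() == ZONE_KEY.lower()
            continue
        if in_zone and (m := VALUE_RE.match(line)):
            values[m["id"]] = int(m["hex"], 16)
    return values


def audit_zone(values: dict[str, int]) -> list[tuple[str, str, str, str]]:
    """Return (id, name, current, recommended) for each setting weaker than recommended.

    A value that is absent from the export is reported as 'unset' so the reader
    checks it in the dialog instead of assuming the template default is safe.
    """
    weak = []
    for action_id, (name, want) in RECOMMENDED.items():
        have = values.get(action_id)
        if have is None or STRICTNESS.get(have, 0) < STRICTNESS[want]:
            current = "unset" if have is None else ACTION.get(have, f"value {have}")
            weak.append((action_id, name, current, ACTION[want]))
    return weak


def hardening_reg(values: dict[str, int]) -> str:
    """Emit a .reg fragment that raises only the weak settings to the recommended value."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for action_id, _name, _current, _recommended in audit_zone(values):
        lines.append(f'"{action_id}"=dword:{RECOMMENDED[action_id][1]:08x}')
    return "\n".join(lines) + "\n"


# Constructed export: Zone 2 is present only to show that it is ignored.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"DisplayName"="Trusted sites"
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000001
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

if __name__ == "__main__":
    current = parse_zone_export(REG_EXPORT)
    for action_id, name, have, want in audit_zone(current):
        print(f"{action_id} {name}: {have} -> {want}")
    print(hardening_reg(current))
```

On a real machine the input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` (the file is UTF-16; open it with that encoding before passing the text in). Applying the emitted fragment with regedit has the same effect as the clicks in the post, which makes the change repeatable across several accounts and lets you re-run the audit later to catch software that has quietly loosened a setting again.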

#12 Squall

Squall

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 20 June 2007 - 12:50 AM

Thank you very, very much for your help, fantastic job, I am most grateful.

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 June 2007 - 05:40 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 
