[Resolved] Trojan.Virtumonde and Downloader.ConHook HELL


  • This topic is locked
14 replies to this topic

#1 manolo bleu

    New Member, 7 posts

Posted 28 November 2007 - 10:30 AM

I can't tell you how frustrating this is for me. I have never had a virus in my 20+ years of computing. I have tried everything and nothing seems to delete "mlljk.dll" from my registry. I have tried VundoFix and VirtumundoBeGone, renamed them, and they still cannot find the files. I have installed Spyware Doctor, Ad-Aware, Spybot, Spy Sweeper, used Killbot to manually delete files, and this bugger still won't leave! I have read countless posts and threads online and still am back where I started.

Please help...please...

Here is my VirtumundoBeGone log and HijackThis log. **Note:** I had to rename them in order to even locate the files, and they will not delete when checked.


[11/26/2007, 16:20:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\VirtumundoBeGone.exe" )
[11/26/2007, 16:21:03] - Detected System Information:
[11/26/2007, 16:21:03] - Windows Version: 5.1.2600, Service Pack 2
[11/26/2007, 16:21:03] - Current Username: Compaq_Owner (Admin)
[11/26/2007, 16:21:03] - Windows is in NORMAL mode.
[11/26/2007, 16:21:03] - Searching for Browser Helper Objects:
[11/26/2007, 16:21:03] - BHO 1: {044250FC-36C5-48B8-AB5C-692419D03883} ()
[11/26/2007, 16:21:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:04] - No filename found. Continuing.
[11/26/2007, 16:21:04] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/26/2007, 16:21:04] - BHO 3: {0D39A900-0F3A-4C29-A254-3E65244FDC34} (ContextHelper)
[11/26/2007, 16:21:04] - BHO 4: {1a67b0dc-03ca-42e4-9bef-a30a132dafcd} ()
[11/26/2007, 16:21:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:04] - Checking for HKLM\...\Winlogon\Notify\tojnmlyg
[11/26/2007, 16:21:04] - Key not found: HKLM\...\Winlogon\Notify\tojnmlyg, continuing.
[11/26/2007, 16:21:04] - BHO 5: {1C1DD717-53B2-485E-A17B-C9977C205E10} ()
[11/26/2007, 16:21:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:04] - No filename found. Continuing.
[11/26/2007, 16:21:05] - BHO 6: {1CCAE7CC-7709-43F2-A578-4D8B3D445186} ()
[11/26/2007, 16:21:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:05] - No filename found. Continuing.
[11/26/2007, 16:21:05] - BHO 7: {1E57D3CF-F804-47B5-893B-774A50534055} ()
[11/26/2007, 16:21:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:05] - No filename found. Continuing.
[11/26/2007, 16:21:05] - BHO 8: {24A59DCD-3E8F-43EA-83E3-F40234949A19} ()
[11/26/2007, 16:21:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:05] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/26/2007, 16:21:05] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/26/2007, 16:21:05] - BHO 9: {33628043-A4B2-4A2D-9840-D322BD02183E} ()
[11/26/2007, 16:21:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:06] - No filename found. Continuing.
[11/26/2007, 16:21:06] - BHO 10: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/26/2007, 16:21:06] - BHO 11: {695FB7DE-B99A-493A-8661-347029E3685C} ()
[11/26/2007, 16:21:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:06] - No filename found. Continuing.
[11/26/2007, 16:21:06] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/26/2007, 16:21:06] - BHO 13: {8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5} ()
[11/26/2007, 16:21:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:06] - No filename found. Continuing.
[11/26/2007, 16:21:06] - BHO 14: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[11/26/2007, 16:21:06] - BHO 15: {A20BD310-872B-4D97-B35C-3DD4AD01362C} ()
[11/26/2007, 16:21:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:07] - No filename found. Continuing.
[11/26/2007, 16:21:07] - BHO 16: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/26/2007, 16:21:07] - BHO 17: {A96B3405-748E-4E4C-A6E8-492B47D7639B} ()
[11/26/2007, 16:21:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/26/2007, 16:21:07] - No filename found. Continuing.
[11/26/2007, 16:21:07] - BHO 18: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/26/2007, 16:21:07] - Finished Searching Browser Helper Objects
[11/26/2007, 16:21:07] - Finishing up...
[11/26/2007, 16:21:07] - Nothing found! Exiting...

[11/27/2007, 22:15:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\VirtumundoBeGone.exe" )
[11/27/2007, 22:15:38] - Detected System Information:
[11/27/2007, 22:15:38] - Windows Version: 5.1.2600, Service Pack 2
[11/27/2007, 22:15:38] - Current Username: Compaq_Owner (Admin)
[11/27/2007, 22:15:38] - Windows is in SAFE mode with Networking.
[11/27/2007, 22:15:38] - Searching for Browser Helper Objects:
[11/27/2007, 22:15:38] - BHO 1: {044250FC-36C5-48B8-AB5C-692419D03883} ()
[11/27/2007, 22:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:38] - No filename found. Continuing.
[11/27/2007, 22:15:38] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/27/2007, 22:15:38] - BHO 3: {0D39A900-0F3A-4C29-A254-3E65244FDC34} (ContextHelper)
[11/27/2007, 22:15:38] - BHO 4: {1C1DD717-53B2-485E-A17B-C9977C205E10} ()
[11/27/2007, 22:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:38] - No filename found. Continuing.
[11/27/2007, 22:15:38] - BHO 5: {1CCAE7CC-7709-43F2-A578-4D8B3D445186} ()
[11/27/2007, 22:15:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:38] - No filename found. Continuing.
[11/27/2007, 22:15:38] - BHO 6: {1E57D3CF-F804-47B5-893B-774A50534055} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 7: {24A59DCD-3E8F-43EA-83E3-F40234949A19} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 8: {33628043-A4B2-4A2D-9840-D322BD02183E} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 9: {492e663e-a116-4edb-9be9-833c850405a7} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - Checking for HKLM\...\Winlogon\Notify\xcsqqgoy
[11/27/2007, 22:15:39] - Key not found: HKLM\...\Winlogon\Notify\xcsqqgoy, continuing.
[11/27/2007, 22:15:39] - BHO 10: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/27/2007, 22:15:39] - BHO 11: {56BBB2A8-01F4-4178-B539-D7C17C86D4C6} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/27/2007, 22:15:39] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/27/2007, 22:15:39] - BHO 12: {695FB7DE-B99A-493A-8661-347029E3685C} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 13: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/27/2007, 22:15:39] - BHO 14: {8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 15: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[11/27/2007, 22:15:39] - BHO 16: {A20BD310-872B-4D97-B35C-3DD4AD01362C} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 17: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/27/2007, 22:15:39] - BHO 18: {A96B3405-748E-4E4C-A6E8-492B47D7639B} ()
[11/27/2007, 22:15:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/27/2007, 22:15:39] - No filename found. Continuing.
[11/27/2007, 22:15:39] - BHO 19: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/27/2007, 22:15:39] - Finished Searching Browser Helper Objects
[11/27/2007, 22:15:39] - Finishing up...
[11/27/2007, 22:15:39] - Nothing found! Exiting...

[11/28/2007, 0:13:32] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\bunny.exe" )
[11/28/2007, 0:13:41] - Detected System Information:
[11/28/2007, 0:13:41] - Windows Version: 5.1.2600, Service Pack 2
[11/28/2007, 0:13:41] - Current Username: Compaq_Owner (Admin)
[11/28/2007, 0:13:41] - Windows is in NORMAL mode.
[11/28/2007, 0:13:41] - Searching for Browser Helper Objects:
[11/28/2007, 0:13:41] - BHO 1: {044250FC-36C5-48B8-AB5C-692419D03883} ()
[11/28/2007, 0:13:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:41] - No filename found. Continuing.
[11/28/2007, 0:13:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/28/2007, 0:13:42] - BHO 3: {0D39A900-0F3A-4C29-A254-3E65244FDC34} (ContextHelper)
[11/28/2007, 0:13:42] - BHO 4: {1CCAE7CC-7709-43F2-A578-4D8B3D445186} ()
[11/28/2007, 0:13:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:42] - No filename found. Continuing.
[11/28/2007, 0:13:42] - BHO 5: {1E57D3CF-F804-47B5-893B-774A50534055} ()
[11/28/2007, 0:13:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:42] - No filename found. Continuing.
[11/28/2007, 0:13:42] - BHO 6: {24A59DCD-3E8F-43EA-83E3-F40234949A19} ()
[11/28/2007, 0:13:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:42] - No filename found. Continuing.
[11/28/2007, 0:13:43] - BHO 7: {33628043-A4B2-4A2D-9840-D322BD02183E} ()
[11/28/2007, 0:13:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:43] - No filename found. Continuing.
[11/28/2007, 0:13:43] - BHO 8: {492e663e-a116-4edb-9be9-833c850405a7} ()
[11/28/2007, 0:13:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:43] - Checking for HKLM\...\Winlogon\Notify\xcsqqgoy
[11/28/2007, 0:13:43] - Key not found: HKLM\...\Winlogon\Notify\xcsqqgoy, continuing.
[11/28/2007, 0:13:43] - BHO 9: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/28/2007, 0:13:44] - BHO 10: {695FB7DE-B99A-493A-8661-347029E3685C} ()
[11/28/2007, 0:13:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:44] - No filename found. Continuing.
[11/28/2007, 0:13:44] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/28/2007, 0:13:44] - BHO 12: {7EDA3C14-705C-44B1-B3B9-646C9DA9377A} ()
[11/28/2007, 0:13:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:44] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/28/2007, 0:13:44] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/28/2007, 0:13:44] - BHO 13: {8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5} ()
[11/28/2007, 0:13:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:44] - No filename found. Continuing.
[11/28/2007, 0:13:44] - BHO 14: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[11/28/2007, 0:13:44] - BHO 15: {A20BD310-872B-4D97-B35C-3DD4AD01362C} ()
[11/28/2007, 0:13:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:45] - No filename found. Continuing.
[11/28/2007, 0:13:45] - BHO 16: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/28/2007, 0:13:45] - BHO 17: {A96B3405-748E-4E4C-A6E8-492B47D7639B} ()
[11/28/2007, 0:13:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 0:13:45] - No filename found. Continuing.
[11/28/2007, 0:13:45] - BHO 18: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/28/2007, 0:13:45] - Finished Searching Browser Helper Objects
[11/28/2007, 0:13:45] - Finishing up...
[11/28/2007, 0:13:45] - Nothing found! Exiting...

[11/28/2007, 10:25:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Compaq_Owner\Desktop\bunny.exe" )
[11/28/2007, 10:25:13] - Detected System Information:
[11/28/2007, 10:25:13] - Windows Version: 5.1.2600, Service Pack 2
[11/28/2007, 10:25:13] - Current Username: Compaq_Owner (Admin)
[11/28/2007, 10:25:13] - Windows is in NORMAL mode.
[11/28/2007, 10:25:13] - Searching for Browser Helper Objects:
[11/28/2007, 10:25:13] - BHO 1: {044250FC-36C5-48B8-AB5C-692419D03883} ()
[11/28/2007, 10:25:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:14] - No filename found. Continuing.
[11/28/2007, 10:25:14] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/28/2007, 10:25:14] - BHO 3: {0D39A900-0F3A-4C29-A254-3E65244FDC34} (ContextHelper)
[11/28/2007, 10:25:14] - BHO 4: {1CCAE7CC-7709-43F2-A578-4D8B3D445186} ()
[11/28/2007, 10:25:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:14] - No filename found. Continuing.
[11/28/2007, 10:25:14] - BHO 5: {1E57D3CF-F804-47B5-893B-774A50534055} ()
[11/28/2007, 10:25:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:14] - No filename found. Continuing.
[11/28/2007, 10:25:14] - BHO 6: {24A59DCD-3E8F-43EA-83E3-F40234949A19} ()
[11/28/2007, 10:25:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:14] - No filename found. Continuing.
[11/28/2007, 10:25:14] - BHO 7: {2CB22A05-79D4-4758-B343-2E7E0666AFF8} ()
[11/28/2007, 10:25:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:15] - Checking for HKLM\...\Winlogon\Notify\mlljk
[11/28/2007, 10:25:15] - Key not found: HKLM\...\Winlogon\Notify\mlljk, continuing.
[11/28/2007, 10:25:15] - BHO 8: {33628043-A4B2-4A2D-9840-D322BD02183E} ()
[11/28/2007, 10:25:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:15] - No filename found. Continuing.
[11/28/2007, 10:25:15] - BHO 9: {492e663e-a116-4edb-9be9-833c850405a7} ()
[11/28/2007, 10:25:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:15] - Checking for HKLM\...\Winlogon\Notify\xcsqqgoy
[11/28/2007, 10:25:15] - Key not found: HKLM\...\Winlogon\Notify\xcsqqgoy, continuing.
[11/28/2007, 10:25:15] - BHO 10: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[11/28/2007, 10:25:15] - BHO 11: {695FB7DE-B99A-493A-8661-347029E3685C} ()
[11/28/2007, 10:25:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:15] - No filename found. Continuing.
[11/28/2007, 10:25:15] - BHO 12: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/28/2007, 10:25:15] - BHO 13: {7EDA3C14-705C-44B1-B3B9-646C9DA9377A} ()
[11/28/2007, 10:25:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:16] - No filename found. Continuing.
[11/28/2007, 10:25:16] - BHO 14: {8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5} ()
[11/28/2007, 10:25:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:16] - No filename found. Continuing.
[11/28/2007, 10:25:16] - BHO 15: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[11/28/2007, 10:25:16] - BHO 16: {A20BD310-872B-4D97-B35C-3DD4AD01362C} ()
[11/28/2007, 10:25:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:16] - No filename found. Continuing.
[11/28/2007, 10:25:16] - BHO 17: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[11/28/2007, 10:25:16] - BHO 18: {A96B3405-748E-4E4C-A6E8-492B47D7639B} ()
[11/28/2007, 10:25:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/28/2007, 10:25:16] - No filename found. Continuing.
[11/28/2007, 10:25:16] - BHO 19: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/28/2007, 10:25:16] - Finished Searching Browser Helper Objects
[11/28/2007, 10:25:17] - Finishing up...
[11/28/2007, 10:25:17] - Nothing found! Exiting...





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:27 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Compaq_Owner\Desktop\fuzzybunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {044250FC-36C5-48B8-AB5C-692419D03883} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {1CCAE7CC-7709-43F2-A578-4D8B3D445186} - (no file)
O2 - BHO: (no name) - {1E57D3CF-F804-47B5-893B-774A50534055} - (no file)
O2 - BHO: (no name) - {24A59DCD-3E8F-43EA-83E3-F40234949A19} - (no file)
O2 - BHO: (no name) - {2CB22A05-79D4-4758-B343-2E7E0666AFF8} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: (no name) - {33628043-A4B2-4A2D-9840-D322BD02183E} - (no file)
O2 - BHO: {7a504058-c338-9eb9-bde4-611ae366e294} - {492e663e-a116-4edb-9be9-833c850405a7} - C:\WINDOWS\system32\xcsqqgoy.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {695FB7DE-B99A-493A-8661-347029E3685C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7EDA3C14-705C-44B1-B3B9-646C9DA9377A} - (no file)
O2 - BHO: (no name) - {8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A20BD310-872B-4D97-B35C-3DD4AD01362C} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A96B3405-748E-4E4C-A6E8-492B47D7639B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WordPerfect Office 1215] "C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" /title="WordPerfect Office 12" /date=121107 serial=<serial number removed>
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O8 - Extra context menu item: &Search - ?p=ZNxdm117KLUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12762 bytes



**UPDATE** 11/29/07 10am

I know you guys here are super busy with these logs, so I figured I'd do a little self-help. I have done a lot of reading and I think I managed to get MLLJK.dll out of my computer. Here is my ComboFix log and my updated HijackThis log file. Please let me know what you see.


ComboFix 07-11-29.3 - Compaq_Owner 2007-11-29 0:58:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.614 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Compaq_Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Compaq_Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Compaq_Owner\Favorites\Online Security Guide.lnk
C:\setup.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ahlpnmuj.dll
C:\WINDOWS\system32\chupwgeb.dll
C:\WINDOWS\system32\gdyadeli.dll
C:\WINDOWS\system32\gjdhmihv.dll
C:\WINDOWS\system32\jbpuvjbc.dll
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mtxrmhmm.dll
C:\WINDOWS\system32\owgwhptn.dll
C:\WINDOWS\system32\tmpqmksq.dll
C:\WINDOWS\system32\vpbkkjbg.dll
C:\WINDOWS\system32\xdhinwxl.ini
C:\WINDOWS\system32\xdhinwxl.ini2
C:\WINDOWS\system32\xdhinwxl.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 17:30 . 2007-11-26 17:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Program Files\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-26 14:11 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-26 14:08 . 2007-11-26 14:08 164 --a------ C:\install.dat
2007-11-26 13:31 . 2007-11-26 13:31 <DIR> d-------- C:\VundoFix Backups
2007-11-26 11:33 . 2007-08-08 20:02 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-26 11:32 . 2007-11-26 11:32 <DIR> d-------- C:\Program Files\Comodo
2007-11-26 10:57 . 2007-11-26 11:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-26 10:57 . 2007-11-26 10:57 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2007-11-26 10:57 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-26 10:57 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-26 10:57 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-17 18:56 . 2007-11-17 20:04 428 --a------ C:\WINDOWS\wininit.ini
2007-11-16 23:34 . 2007-11-27 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 20:39 . 2007-11-14 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 06:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-28 07:04 --------- d-----w C:\Program Files\Java
2007-11-17 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 06:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-17 06:27 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2007-10-26 02:22 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Audacity
2007-10-18 06:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-01 22:24 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-01 22:24 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-01 22:24 20,280 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-10-01 22:24 163,640 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2006-04-28 02:20 24,192 ----a-w C:\Documents and Settings\Compaq_Owner\usbsermptxp.sys
2006-04-28 02:20 22,768 ----a-w C:\Documents and Settings\Compaq_Owner\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044250FC-36C5-48B8-AB5C-692419D03883}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CCAE7CC-7709-43F2-A578-4D8B3D445186}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E57D3CF-F804-47B5-893B-774A50534055}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24A59DCD-3E8F-43EA-83E3-F40234949A19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33628043-A4B2-4A2D-9840-D322BD02183E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{492e663e-a116-4edb-9be9-833c850405a7}]
C:\WINDOWS\system32\xcsqqgoy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{695FB7DE-B99A-493A-8661-347029E3685C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EDA3C14-705C-44B1-B3B9-646C9DA9377A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A20BD310-872B-4D97-B35C-3DD4AD01362C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96B3405-748E-4E4C-A6E8-492B47D7639B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-24 20:46]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-07-27 00:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 14:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"WordPerfect Office 1215"="C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 07:36]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 21:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NewShortcut1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
backup=C:\WINDOWS\pss\NewShortcut1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
2003-08-21 14:12 32768 --a------ C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Air Utility]
2003-09-03 15:49 3358720 --a------ C:\Program Files\D-Link\Air Utility\AirCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-07-27 00:58 405583 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 06:38 241664 --a--c--- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 15:28 49152 --a--c--- C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 17:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-07 15:55 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-12 21:13 98304 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 21:43 233472 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 03:17 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-24 20:46 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
winlog.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 04:49:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 02:00:23 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-11-29 07:04:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-26 20:11:34 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 01:10:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 1:13:18 - machine was rebooted
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:47 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Compaq_Owner\Desktop\fuzzybunny.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {044250FC-36C5-48B8-AB5C-692419D03883} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {1CCAE7CC-7709-43F2-A578-4D8B3D445186} - (no file)
O2 - BHO: (no name) - {1E57D3CF-F804-47B5-893B-774A50534055} - (no file)
O2 - BHO: (no name) - {24A59DCD-3E8F-43EA-83E3-F40234949A19} - (no file)
O2 - BHO: (no name) - {33628043-A4B2-4A2D-9840-D322BD02183E} - (no file)
O2 - BHO: {7a504058-c338-9eb9-bde4-611ae366e294} - {492e663e-a116-4edb-9be9-833c850405a7} - C:\WINDOWS\system32\xcsqqgoy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {695FB7DE-B99A-493A-8661-347029E3685C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7EDA3C14-705C-44B1-B3B9-646C9DA9377A} - (no file)
O2 - BHO: (no name) - {8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A20BD310-872B-4D97-B35C-3DD4AD01362C} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A96B3405-748E-4E4C-A6E8-492B47D7639B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WordPerfect Office 1215] "C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" /title="WordPerfect Office 12" /date=121107 serial=<serial number removed>
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Search - ?p=ZNxdm117KLUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12380 bytes



Thanks for your time,
Manolo

Edited by silver, 01 December 2007 - 02:34 AM.
removed software serial numbers



#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 01 December 2007 - 03:10 AM

Hi manolo bleu,

Your logs are looking a lot better, but there are a few things to take care of:

Temporarily disable Spy Sweeper
  • Open Spysweeper and click on Options->Program Options and uncheck Load at Windows Startup
  • On the left side click Shields and then uncheck everything there
  • Uncheck Home Page Shield
  • Uncheck Automatically restore default without notification
  • Exit the program

Temporarily disable Spyware Doctor
Open Spyware Doctor, click the OnGuard button on the left side, press Click to deactivate OnGuard and OK the prompt.
OnGuard will now be deactivated for 15 minutes; either complete these instructions within that time or repeat this procedure.

Check that ComboFix.exe is on your Desktop
  • Then open Notepad: press Start->Run, type notepad and click OK
  • Copy/paste the contents of the below code box into Notepad:
    File::
    C:\WINDOWS\system32\xcsqqgoy.dll
    C:\WINDOWS\ALCXMNTR.EXE
    
    Folder::
    C:\Program Files\ContextTool
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044250FC-36C5-48B8-AB5C-692419D03883}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CCAE7CC-7709-43F2-A578-4D8B3D445186}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E57D3CF-F804-47B5-893B-774A50534055}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24A59DCD-3E8F-43EA-83E3-F40234949A19}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33628043-A4B2-4A2D-9840-D322BD02183E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{492e663e-a116-4edb-9be9-833c850405a7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{695FB7DE-B99A-493A-8661-347029E3685C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EDA3C14-705C-44B1-B3B9-646C9DA9377A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A20BD310-872B-4D97-B35C-3DD4AD01362C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96B3405-748E-4E4C-A6E8-492B47D7639B}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  • Save this to your Desktop as CFScript.

    Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Note: Do not click ComboFix's window while it's running - it may cause it to stall!

Next, move HijackThis from the desktop to its own folder:
  • Open My Computer, navigate to C:\ and make a new folder named HJT
  • Move the HijackThis.exe program file (fuzzybunny.exe) from your desktop to C:\HJT
  • If you wish to place a shortcut to HijackThis on your desktop, then right-click fuzzybunny.exe, select Send To and choose Desktop (create shortcut)
Now open HijackThis, select Open the Misc Tools section
Press the Open Uninstall Manager... button, then press Save list...
Save the Uninstall log to your Desktop and include a copy in your next response.
Now press Back and Scan and then Save log to create and save a new HijackThis log.

Once complete, please post the new ComboFix report, the uninstall list and a new HijackThis log.
ASAP & UNITE Member
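
The line that matters in both logs above is the LSA "Authentication Packages" value: the first ComboFix report showed it as "msv1_0 C:\WINDOWS\system32\mlljk.dll", and the CFScript in the reply resets it to "hex(7):6d,73,76,31,5f,30,00,00", which is just msv1_0 again. Loading as an LSA authentication package is what kept the Vundo DLL resident inside lsass.exe, so a plain file delete could not touch it. As an added example (not code from this thread, ComboFix or HijackThis), the Python below decodes and encodes that REG_MULTI_SZ hex(7) form, flags any non-default entry in a ComboFix "Reg Loading Points" line, and rebuilds the Registry:: stanza from the default list. It assumes the one-byte-per-character encoding used in the CFScript (regedit's own "Version 5.00" exports store hex(7) as UTF-16LE, which the decoder also accepts) and that msv1_0 is the only default package on Windows XP; the sample log lines are constructed.

```python
"""Added example: decode/encode the LSA 'Authentication Packages' REG_MULTI_SZ
value and audit a ComboFix 'Reg Loading Points' line for non-default packages.
Not code from the thread, ComboFix or HijackThis; sample lines are constructed."""
from __future__ import annotations

import re

# Assumption: on a clean Windows XP system the value holds only msv1_0,
# the MSV1_0 (NTLM) package, which is exactly what the CFScript resets it to.
DEFAULT_AUTH_PACKAGES = ["msv1_0"]

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"

# Constructed samples in the format ComboFix prints under 'Reg Loading Points';
# the first mirrors the infected line from the thread, the second a clean box.
SAMPLE_INFECTED = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljk.dll'
SAMPLE_CLEAN = r'"Authentication Packages"= msv1_0'

AUTHPKG_RE = re.compile(r'^"Authentication Packages"=\s*(.*)$')


def decode_hex7(value):
    """Turn a .reg 'hex(7):..' byte list into the list of strings it encodes.

    hex(7) is REG_MULTI_SZ: NUL-terminated strings with one extra NUL closing
    the list. The CFScript uses one byte per character; regedit's own
    'Version 5.00' exports use UTF-16LE, so both layouts are handled.
    """
    body = value.split(":", 1)[1]
    raw = bytes(int(tok, 16) for tok in body.split(",") if tok.strip())
    # UTF-16LE ASCII text has every odd byte zero and at least one even byte set.
    utf16 = len(raw) % 2 == 0 and any(raw[0::2]) and not any(raw[1::2])
    text = raw.decode("utf-16-le") if utf16 else raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings):
    """Inverse of decode_hex7, in the one-byte-per-character form the CFScript uses."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def audit_auth_packages(line):
    """Return the entries of a ComboFix 'Authentication Packages' line that are
    not the default (an empty list means clean).

    Anything beyond msv1_0 here is a DLL that LSASS loads at boot as an
    authentication package, which is how Vundo kept mlljk.dll resident and
    why ordinary deletion kept failing. ComboFix separates entries with
    spaces, so a path containing a space would split; the mlljk.dll path does not.
    """
    m = AUTHPKG_RE.match(line.strip())
    if not m:
        raise ValueError("not an 'Authentication Packages' line: " + line)
    defaults = {d.lower() for d in DEFAULT_AUTH_PACKAGES}
    return [e for e in m.group(1).split() if e.lower() not in defaults]


def cfscript_lsa_fix(packages=DEFAULT_AUTH_PACKAGES):
    """Build the Registry:: stanza that resets the value to the given packages,
    in the same form as the stanza at the end of the CFScript in the reply."""
    return (
        "Registry::\n"
        f"[{LSA_KEY}]\n"
        f'"Authentication Packages"={encode_hex7(packages)}\n'
    )


if __name__ == "__main__":
    for sample in (SAMPLE_INFECTED, SAMPLE_CLEAN):
        extra = audit_auth_packages(sample)
        print(sample, "->", "CLEAN" if not extra else "SUSPECT " + ", ".join(extra))
    print(cfscript_lsa_fix(), end="")
    print("decodes to:", decode_hex7("hex(7):6d,73,76,31,5f,30,00,00"))
```

Running it prints SUSPECT for the constructed infected line, CLEAN for the clean one, and the same Registry:: stanza the reply asks to be pasted into CFScript.txt. The audit only compares against a known-good list, so it also catches a Vundo DLL that has been renamed to something other than mlljk.dll.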

#3 manolo bleu

manolo bleu

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 01 December 2007 - 11:57 AM

Thanks Silver - when I get off work I will make the adjustments (5pm cmt). P.S. How does one sign up to help? I feel like I am almost an expert with all the reading I have done. Were there any courses to take? I feel like I can offer a lot more besides a donation.

#4 manolo bleu

manolo bleu

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 01 December 2007 - 06:26 PM

Here you go, and thanks again for your time.

ComboFix 07-11-29.3 - Compaq_Owner 2007-12-01 18:08:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.491 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\xcsqqgoy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ALCXMNTR.EXE
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-01 18:04 . 2007-12-01 18:04 <DIR> d-------- C:\HJT
2007-11-30 22:39 . 2007-12-01 17:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-30 22:39 . 2007-11-30 22:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 22:32 . 2007-11-30 22:33 <DIR> d-------- C:\Program Files\iTunes
2007-11-30 22:28 . 2007-11-30 22:29 <DIR> d-------- C:\Program Files\QuickTime
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 17:30 . 2007-11-26 17:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Program Files\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-26 14:11 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-26 14:08 . 2007-11-26 14:08 164 --a------ C:\install.dat
2007-11-26 13:31 . 2007-11-26 13:31 <DIR> d-------- C:\VundoFix Backups
2007-11-26 11:33 . 2007-08-08 20:02 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-26 11:32 . 2007-11-26 11:32 <DIR> d-------- C:\Program Files\Comodo
2007-11-26 10:57 . 2007-11-26 11:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-26 10:57 . 2007-11-26 10:57 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2007-11-26 10:57 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-26 10:57 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-26 10:57 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-17 18:56 . 2007-11-17 20:04 428 --a------ C:\WINDOWS\wininit.ini
2007-11-16 23:34 . 2007-11-27 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:39 . 2007-11-14 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-01 04:33 --------- d-----w C:\Program Files\iPod
2007-11-28 07:04 --------- d-----w C:\Program Files\Java
2007-11-17 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 06:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-17 06:27 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2007-10-31 20:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-26 02:22 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Audacity
2007-10-18 06:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2006-04-28 02:20 24,192 ----a-w C:\Documents and Settings\Compaq_Owner\usbsermptxp.sys
2006-04-28 02:20 22,768 ----a-w C:\Documents and Settings\Compaq_Owner\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-29_ 1.10.52.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-01 04:33:54 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2007-10-31 20:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2007-09-06 18:28:16 30,336 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\usbaapl.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044250FC-36C5-48B8-AB5C-692419D03883}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CCAE7CC-7709-43F2-A578-4D8B3D445186}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E57D3CF-F804-47B5-893B-774A50534055}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24A59DCD-3E8F-43EA-83E3-F40234949A19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33628043-A4B2-4A2D-9840-D322BD02183E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{492e663e-a116-4edb-9be9-833c850405a7}]
C:\WINDOWS\system32\xcsqqgoy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{695FB7DE-B99A-493A-8661-347029E3685C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EDA3C14-705C-44B1-B3B9-646C9DA9377A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A20BD310-872B-4D97-B35C-3DD4AD01362C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96B3405-748E-4E4C-A6E8-492B47D7639B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-24 20:46]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-07-27 00:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 14:43]
"AlcxMonitor"="ALCXMNTR.EXE" []
"WordPerfect Office 1215"="C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 07:36]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 21:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NewShortcut1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
backup=C:\WINDOWS\pss\NewShortcut1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
2003-08-21 14:12 32768 --a------ C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Air Utility]
2003-09-03 15:49 3358720 --a------ C:\Program Files\D-Link\Air Utility\AirCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-07-27 00:58 405583 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 06:38 241664 --a--c--- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 15:28 49152 --a--c--- C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 17:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-12 21:13 98304 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 21:43 233472 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 03:17 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-24 20:46 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
winlog.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 04:49:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-01 02:01:20 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-12-02 00:14:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 18:12:50
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 18:14:21
C:\ComboFix2.txt ... 2007-11-29 01:13
.
--- E O F ---


1Click DVD Copy Pro 2.1.0.5
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Agere Systems PCI Soft Modem
Air Utility
ANIO Service
ANIWZCS Service
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.3 (Unicode)
Avex DVD to iPhone Video Suite (remove only)
CC_ccProxyMSI
CC_ccStart
ccCommon
ccCommon
Compaq Connections
Compaq Organize
Corel Paint Shop Pro X
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Vision
DeductionPro 2006
DivX
DivX Player
DreamStation DXi2
DVD Flick
DVD43 v3.9.0
Fizz Software Fizz Monitor
FL Studio 5
FruityLoops v3.4
GoldWave v5.08
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Flat Panel Monitor INF Software 4.00
HP Image Zone 3.5
HP Mouse
HP PSC & OfficeJet 3.5
HP Software Update
I930 Nunlock
IA Caller ID for Smartphone
IntelliMover Data Transfer Demo
InterActual Player
Internet Worm Protection
InterVideo WinDVD Player
iTunes
Java™ 6 Update 3
KBD
LimeWire PRO 4.12.3
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
MAGIX music studio generation 6 deLuxe
MaxBlast 3
Microsoft .NET Framework 2.0
Microsoft ActiveSync 3.8
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
My Wal-Mart Digital Photo Center
Native Instruments - Traktor 1.06
NAVShortcut
Netflix Movie Viewer
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
PC-Doctor for Windows
Pdf995
PdfEdit995
PS2
Python 2.2 combined Win32 extensions
QuickTime
RAR Password Recovery v1.1 RC16 (remove only)
RealPlayer
ResumeMaker
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
SmartFeed
Sonic RecordNow!
SonicStage 2.1.00
SPBBC
Spy Sweeper
Spybot - Search & Destroy
Spyware Doctor 5.1
Symantec
TaxCut Premium 2006
The Print Shop® 6.0 Deluxe
Theme Generator V2
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Virtual DJ - Atomix Productions
Virtual Sound Canvas DXi
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WordPerfect Office 12


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:17 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\fuzzybunny.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WordPerfect Office 1215] "C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" /title="WordPerfect Office 12" /date=121107 serial=WS12WTX-9999998-UYR
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Search - ?p=ZNxdm117KLUS
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11318 bytes

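The ComboFix "Reg Loading Points" blocks and the HijackThis O2 lines above are the raw material a helper works from when deciding which BHO CLSIDs belong in a removal script: a registered CLSID with no DLL path recorded, a DLL with a random-looking name in system32, or a registration that one tool lists and the other does not are the usual tells. The script below is an added example for this thread, not code from the thread, from ComboFix, or from HijackThis. It parses constructed copies of a few of the log lines shown above, applies those three triage rules (the random-name heuristic and the reason strings are my own assumptions, not the helper's), and renders the flagged CLSIDs in the CFScript `Registry::` form used in this thread.

```python
"""Triage Browser Helper Object (BHO) registrations from ComboFix and HijackThis logs.

Added example for this thread; not a ComboFix or HijackThis tool. Sample
log lines are constructed from the entries shown in the thread's logs.
"""
import re

# Constructed sample: BHO blocks as ComboFix prints them under "Reg Loading Points".
# ComboFix prints the key header, then on the next line the DLL the CLSID
# resolves to; an immediately blank line means no file was recorded.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044250FC-36C5-48B8-AB5C-692419D03883}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{492e663e-a116-4edb-9be9-833c850405a7}]
C:\WINDOWS\system32\xcsqqgoy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"""

# Constructed sample: HijackThis O2 (BHO) lines from the same machine.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
"""

BHO_HEADER = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$")
HJT_O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# Heuristic (my assumption): Vundo-style DLLs tend to have short, all-lowercase,
# meaningless stems. Real detections should add an allowlist of known-good DLLs.
RANDOM_STEM = re.compile(r"^[a-z]{7,9}$")


def parse_combofix_bhos(text):
    """Return {CLSID: dll_path or None} from ComboFix 'Reg Loading Points' output."""
    bhos = {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = BHO_HEADER.match(line.strip())
        if not m:
            continue
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A following key header or blank line means no DLL path was recorded.
        bhos[m.group(1)] = nxt if nxt and not nxt.startswith("[") else None
    return bhos


def parse_hjt_bhos(text):
    """Return {CLSID (upper-cased): (name, dll_path)} from HijackThis O2 lines."""
    out = {}
    for line in text.splitlines():
        m = HJT_O2.match(line.strip())
        if m:
            name, clsid, path = m.groups()
            out[clsid.upper()] = (name, path)
    return out


def triage(combofix_text, hjt_text):
    """Return {CLSID: [reasons]} for every BHO a reviewer should look at."""
    hjt = parse_hjt_bhos(hjt_text)
    findings = {}
    for clsid, path in parse_combofix_bhos(combofix_text).items():
        reasons = []
        if path is None:
            reasons.append("registered but no DLL path recorded (orphaned or hidden file)")
        else:
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if "\\system32\\" in path.lower() and RANDOM_STEM.match(stem):
                reasons.append("random-looking DLL name in system32 (Vundo-style heuristic)")
        if clsid.upper() not in hjt:
            reasons.append("absent from HijackThis O2 listing")
        if reasons:
            findings[clsid] = reasons
    return findings


def cfscript_registry_lines(clsids):
    """Render CFScript 'Registry::' deletion lines in the form used in this thread."""
    return ["Registry::"] + [
        f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in sorted(clsids)]


if __name__ == "__main__":
    found = triage(COMBOFIX_SAMPLE, HJT_SAMPLE)
    for clsid, reasons in found.items():
        print(clsid, "->", "; ".join(reasons))
    print("\n".join(cfscript_registry_lines(found)))
```

The cross-check against HijackThis is informational on its own (HijackThis and ComboFix enumerate BHOs differently), so a CLSID is only worth acting on when it also lacks a DLL path or matches the name heuristic; the Adobe entry in the sample, which has a path and a matching O2 line, produces no finding.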
#5 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 01 December 2007 - 09:56 PM

Hi manolo bleu,

You are most welcome to join the Classroom here at WhatTheTech and learn to help others; you can use this link to apply:
http://www.whatthetech.com/classroom

You have LimeWire, a P2P file sharing program installed on your computer. This program does not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours.
You can remove LimeWire PRO 4.12.3 via Start->Control Panel->Add/Remove Programs.


Check that ComboFix.exe is on your Desktop
  • Then open Notepad: press Start->Run, type notepad and click OK
  • Copy/paste the contents of the below code box into Notepad:
    KillAll::
    
    Folder::
    C:\Program Files\outlook
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044250FC-36C5-48B8-AB5C-692419D03883}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CCAE7CC-7709-43F2-A578-4D8B3D445186}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E57D3CF-F804-47B5-893B-774A50534055}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24A59DCD-3E8F-43EA-83E3-F40234949A19}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33628043-A4B2-4A2D-9840-D322BD02183E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{492e663e-a116-4edb-9be9-833c850405a7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{695FB7DE-B99A-493A-8661-347029E3685C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EDA3C14-705C-44B1-B3B9-646C9DA9377A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0CDDD6-D1AD-423B-BCB1-BF51502D42D5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A20BD310-872B-4D97-B35C-3DD4AD01362C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A96B3405-748E-4E4C-A6E8-492B47D7639B}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
  • Save this to your Desktop as CFScript.

    Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Note: Do not click ComboFix's window while it's running - it may cause it to stall!

Once ComboFix has finished, please immediately reboot your computer.

Once your computer has rebooted, press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:

cmd /c dir /a /s c:\winlog.exe >> "%userprofile%\desktop\look.txt"

A black box will open and a file will appear on your Desktop called look.txt. Please wait until the black box closes before opening look.txt. Post the contents of look.txt in your next response.

Once complete, please post the latest ComboFix report (located here: C:\ComboFix.txt), the look.txt output and a new HijackThis log.

Edited by silver, 01 December 2007 - 09:58 PM.

ASAP & UNITE Member
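As an added example, not part of silver's instructions or any tool on this page: a small Python script that reads the Registry:: section of a CFScript like the one above and checks a later HijackThis log for any BHO CLSID or Run value the script was meant to delete, so the follow-up log can be compared with the fix mechanically instead of by eye. All input is constructed; the leftover BHO and its DLL path are placeholders.

```python
import re

# Constructed sample CFScript fragment, in the format of the code box in the post above.
# The CLSIDs and the value name are ones the post lists; the script is otherwise shortened.
CFSCRIPT = r"""KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{044250FC-36C5-48B8-AB5C-692419D03883}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
"""

# Constructed sample HijackThis log lines. The first O2 line is the Adobe entry from the
# logs in this thread; the second is a made-up leftover using one of the CLSIDs above and
# a placeholder DLL path, so that the check has something to report.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {044250FC-36C5-48B8-AB5C-692419D03883} - C:\WINDOWS\system32\PLACEHOLDER.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_DEL_RE = re.compile(r"^\[-.*\\Browser Helper Objects\\(" + CLSID + r")\]$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')
HJT_O2_RE = re.compile(r"^O2 - BHO: .* - (" + CLSID + r") - (.*)$")
HJT_O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def cfscript_targets(text):
    """Collect what the Registry:: section asks ComboFix to delete.
    Returns (set of BHO CLSIDs, upper-cased; set of (run key, value name), lower-cased)."""
    bhos, run_values = set(), set()
    in_registry, current_key = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("::"):            # section header: KillAll::, Folder::, Registry::
            in_registry = line == "Registry::"
            continue
        if not (in_registry and line):
            continue
        m = BHO_DEL_RE.match(line)
        if m:
            bhos.add(m.group(1).upper())
            continue
        m = KEY_RE.match(line)
        if m:   # "[-key]" deletes the whole key; "[key]" scopes the "name"=- lines below it
            current_key = None if m.group(1) == "-" else m.group(2).lower()
            continue
        m = VALUE_DEL_RE.match(line)
        if m and current_key:
            run_values.add((current_key, m.group(1).lower()))
    return bhos, run_values


def lingering_entries(cfscript, hjt_log):
    """Entries in the new HijackThis log that the CFScript was supposed to have removed."""
    bhos, run_values = cfscript_targets(cfscript)
    found = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = HJT_O2_RE.match(line)
        if m and m.group(1).upper() in bhos:
            found.append(("BHO", m.group(1).upper(), m.group(2)))
            continue
        m = HJT_O4_RE.match(line)
        if m:
            run_key = (HIVES[m.group(1)] + RUN_SUBKEY).lower()
            if (run_key, m.group(2).lower()) in run_values:
                found.append(("Run", m.group(2), m.group(3)))
    return found


if __name__ == "__main__":
    for kind, ident, rest in lingering_entries(CFSCRIPT, HJT_LOG):
        print(f"still present: {kind} {ident} -> {rest}")
```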

#6 manolo bleu

manolo bleu

    New Member

  • New Member
  • 7 posts

Posted 01 December 2007 - 11:51 PM

OK, sorry for the delay.


ComboFix 07-11-29.3 - Compaq_Owner 2007-12-01 22:45:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-01 18:04 . 2007-12-01 18:21 <DIR> d-------- C:\HJT
2007-11-30 22:39 . 2007-12-01 17:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-30 22:39 . 2007-11-30 22:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 22:32 . 2007-11-30 22:33 <DIR> d-------- C:\Program Files\iTunes
2007-11-30 22:28 . 2007-11-30 22:29 <DIR> d-------- C:\Program Files\QuickTime
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 21:36 . 2007-11-27 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 17:30 . 2007-11-26 17:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Program Files\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2007-11-26 14:11 . 2007-11-26 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-26 14:11 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-26 14:08 . 2007-11-26 14:08 164 --a------ C:\install.dat
2007-11-26 13:31 . 2007-11-26 13:31 <DIR> d-------- C:\VundoFix Backups
2007-11-26 11:33 . 2007-08-08 20:02 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-11-26 11:32 . 2007-11-26 11:32 <DIR> d-------- C:\Program Files\Comodo
2007-11-26 10:57 . 2007-11-26 11:45 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-26 10:57 . 2007-11-26 10:57 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
2007-11-26 10:57 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-26 10:57 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-26 10:57 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-17 18:56 . 2007-11-17 20:04 428 --a------ C:\WINDOWS\wininit.ini
2007-11-16 23:34 . 2007-11-27 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:39 . 2007-11-14 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 04:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-01 04:33 --------- d-----w C:\Program Files\iPod
2007-11-28 07:04 --------- d-----w C:\Program Files\Java
2007-11-17 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 06:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-17 06:27 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2007-10-31 20:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-26 02:22 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Audacity
2007-10-18 06:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2006-04-28 02:20 24,192 ----a-w C:\Documents and Settings\Compaq_Owner\usbsermptxp.sys
2006-04-28 02:20 22,768 ----a-w C:\Documents and Settings\Compaq_Owner\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-29_ 1.10.52.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-01 04:33:54 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2007-10-31 20:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2007-09-06 18:28:16 30,336 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\usbaapl.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-24 20:46]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-07-27 00:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 14:43]
"AlcxMonitor"="ALCXMNTR.EXE" []
"WordPerfect Office 1215"="C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" [2004-03-08 07:36]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 21:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NewShortcut1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NewShortcut1.lnk
backup=C:\WINDOWS\pss\NewShortcut1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
2003-08-21 14:12 32768 --a------ C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 06:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Air Utility]
2003-09-03 15:49 3358720 --a------ C:\Program Files\D-Link\Air Utility\AirCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-07-27 00:58 405583 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 06:38 241664 --a--c--- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 15:28 49152 --a--c--- C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 17:04 52736 --a------ c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-12 21:13 98304 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 21:43 233472 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 03:17 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-01-24 20:46 171448 --a------ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
winlog.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 HidMouse;HidMouse;C:\WINDOWS\system32\Drivers\HidMouse.sys
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 04:49:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-01 02:01:20 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-12-02 04:49:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 22:50:35
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 22:52:02
C:\ComboFix2.txt ... 2007-12-01 18:14
C:\ComboFix3.txt ... 2007-11-29 01:13
.
--- E O F ---

This was all that was in the look.txt on my desktop

Volume in drive C is PRESARIO
Volume Serial Number is 50D4-DE6D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:33 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\fuzzybunny.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WordPerfect Office 1215] "C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" /title="WordPerfect Office 12" /date=121107 serial=WS12WTX-9999998-UYR
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11059 bytes

#7 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • 2,994 posts

Posted 02 December 2007 - 01:20 AM

Hi manolo bleu,

Temporarily disable Spy Sweeper
  • Open Spy Sweeper, click Options->Program Options and uncheck Load at Windows Startup
  • On the left side click Shields and then uncheck everything there
  • Uncheck Home Page Shield
  • Uncheck Automatically restore default without notification
  • Exit the program
Temporarily disable Spyware Doctor
Open Spyware Doctor, click the OnGuard button on the left side, press Click to deactivate OnGuard and OK the prompt

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open Notepad: press Start->Run, type notepad into the box and press OK
Copy/paste the following quote box into Notepad. Before starting, select Format from the top menu and make sure Word Wrap is NOT checked.

@echo off
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook" /f
reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v AlcxMonitor /f
reg export "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg" "%userprofile%\desktop\startupreg.txt"

Go to the File menu at the top of Notepad and choose Save As.
Save it to your Desktop as "runme.bat" (you MUST include the quotes).
Locate runme.bat on your Desktop and double-click it. A black box should open and close after a short time; this is normal. Another text file should appear on your Desktop called startupreg.txt; do not open it until the black box has closed. Post the contents of this file in your next response.

------------------------------------------------------------------------

Next please do an online scan:
Open the ESET Online Scanner in Internet Explorer
  • Tick the box next to "YES, I accept the Terms of Use" and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start->Run, copy/paste the following command into the box and press OK:

    notepad "C:\Program Files\EsetOnlineScanner\log.txt"

  • The log file should now appear in Notepad, copy and paste the contents in your next response.

------------------------------------------------------------------------

Once complete, please post the startupreg.txt output, the ESET log and a new HijackThis log.
ASAP & UNITE Member
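An added example, not from the thread or from any of the tools it uses: a Python parser for the startupreg.txt that the reg export line in the batch file above writes (same format as the export posted later in this thread). It lists each msconfig-disabled startup item with its target Run key and flags those whose command is a bare file name with no directory, the pattern of the Alcmtr and winlog records the batch file deletes, so a helper can see which items to look up by hand. The sample export is constructed, and load_startupreg assumes the file was written by reg export in its default UTF-16 encoding.

```python
import re

# Constructed sample of a startupreg.txt as written by the "reg export" line in the batch
# file above. The records copy the format of the export posted in this thread; the winlog
# record shows what such an entry looks like before the "reg delete" lines have run.
SAMPLE_STARTUPREG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR"
"hkey"="HKLM"
"command"="C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"
'''

REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# program part of a command line: a quoted token, or an unquoted run of text up to the
# first executable extension that is followed by whitespace or the end of the line
EXE_RE = re.compile(r'^\s*(?:"([^"]*)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))', re.IGNORECASE)


def unescape_reg_string(value):
    """.reg files escape backslash and double quote with a backslash."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_startupreg(text):
    """Return one dict per disabled startup item: name plus the key/item/hkey/command values."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            if key.lower().endswith("\\startupreg"):   # the exported root key itself
                current = None
            else:
                current = {"name": key.rsplit("\\", 1)[-1]}
                entries.append(current)
            continue
        m = REG_VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = unescape_reg_string(m.group(2))
    return entries


def executable_of(command):
    m = EXE_RE.match(command)
    if m:
        return m.group(1) if m.group(1) is not None else m.group(2)
    parts = command.split()
    return parts[0] if parts else ""


def is_bare_filename(exe):
    """True when the command names a file with no directory at all, so Windows has to
    locate it through its search path when the item is re-enabled."""
    return exe != "" and not any(ch in exe for ch in "\\/:")


def needs_review(entries):
    """Names of disabled items whose command is a bare file name, sorted for stable output."""
    return sorted(e["name"] for e in entries if is_bare_filename(executable_of(e.get("command", ""))))


def load_startupreg(path):
    """reg export writes UTF-16 with a byte-order mark; the utf-16 codec consumes it."""
    with open(path, encoding="utf-16") as fh:
        return parse_startupreg(fh.read())


if __name__ == "__main__":
    items = parse_startupreg(SAMPLE_STARTUPREG)
    for e in items:
        print(f"{e['name']:30} {e['hkey']}\\{e['key']}  ->  {e['command']}")
    print("bare file names, look these up by hand:", needs_review(items))
```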

#8 manolo bleu

manolo bleu

    New Member

  • New Member
  • 7 posts

Posted 02 December 2007 - 01:41 PM

Ok here we go...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR"
"hkey"="HKLM"
"command"="C:\\Program Files\\Alpha Networks\\ANIWZCS Service\\WZCSLDR.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTDetect"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Air Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AirCFG"
"hkey"="HKLM"
"command"="C:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IcoSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adjust"
"hkey"="HKLM"
"command"="c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\IcoSet\\adjust.bat seticon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2697 (20071202)
# vers_arch_module=1.059 (20071108)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=4f9a0579cf27b84b8263edf56ab6913a
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-12-02 06:58:46
# local_time=2007-12-02 12:58:46 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=497353
# found=18
# scan_time=9158
C:\!KillBox\mlljk.dll Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 1) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 2) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 3) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 4) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 5) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\Documents and Settings\Compaq_Owner\My Documents\930\decert3.exe Win32/PowerSpider.U trojan DFA8CC1FE1099C2C00A44021D51195CD
C:\Program Files\Nunlock\Decert3\decert3.exe Win32/PowerSpider.U trojan DFA8CC1FE1099C2C00A44021D51195CD
C:\qoobox\Quarantine\catchme2007-11-29_ 10929.20.zip Win32/Adware.Virtumonde.FP application F88E01D55A0A39C24A72416B2648215A
C:\qoobox\Quarantine\catchme2007-11-29_ 10929.20.zip »ZIP »mlljk.dll Win32/Adware.Virtumonde.FP application 00000000000000000000000000000000
C:\qoobox\Quarantine\C\WINDOWS\system32\ahlpnmuj.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\chupwgeb.dll.vir Win32/BHO.G trojan 6E68B6D2AFEBF34405855B528294BF8A
C:\qoobox\Quarantine\C\WINDOWS\system32\gdyadeli.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\gjdhmihv.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\jbpuvjbc.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\mtxrmhmm.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\owgwhptn.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\tmpqmksq.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:49 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\fuzzybunny.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WordPerfect Office 1215] "C:\Program Files\WordPerfect Office 12\Programs\Registration.exe" /title="WordPerfect Office 12" /date=121107 serial=WS12WTX-9999998-UYR
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11092 bytes
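The ESET log above lists one detection per line: path, detection name, kind and an MD5 digest. When such a result runs to many lines, two questions matter to whoever is reviewing it: which hits are still live rather than already sitting in a cleanup tool's quarantine folder, and which hits are the same file content under different names. The script below is an added example, not code from this thread or from ESET; the detection lines are copied from the log above, and it assumes C:\qoobox\Quarantine and C:\!KillBox (the ComboFix and Killbox folders silver asks to have deleted in reply #11) are the only quarantine folders on the machine.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ESET Online Scanner log posted
# above: a few of the '#' header lines and all 18 detection lines.
SAMPLE_LOG = r"""
# version=4
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=497353
# found=18
C:\!KillBox\mlljk.dll Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 1) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 2) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 3) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 4) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\!KillBox\mlljk.dll( 5) Win32/Adware.Virtumonde.FP application 9EE2FC4D5512F1650DBF49549A494458
C:\Documents and Settings\Compaq_Owner\My Documents\930\decert3.exe Win32/PowerSpider.U trojan DFA8CC1FE1099C2C00A44021D51195CD
C:\Program Files\Nunlock\Decert3\decert3.exe Win32/PowerSpider.U trojan DFA8CC1FE1099C2C00A44021D51195CD
C:\qoobox\Quarantine\catchme2007-11-29_ 10929.20.zip Win32/Adware.Virtumonde.FP application F88E01D55A0A39C24A72416B2648215A
C:\qoobox\Quarantine\catchme2007-11-29_ 10929.20.zip »ZIP »mlljk.dll Win32/Adware.Virtumonde.FP application 00000000000000000000000000000000
C:\qoobox\Quarantine\C\WINDOWS\system32\ahlpnmuj.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\chupwgeb.dll.vir Win32/BHO.G trojan 6E68B6D2AFEBF34405855B528294BF8A
C:\qoobox\Quarantine\C\WINDOWS\system32\gdyadeli.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\gjdhmihv.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\jbpuvjbc.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\mtxrmhmm.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\owgwhptn.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
C:\qoobox\Quarantine\C\WINDOWS\system32\tmpqmksq.dll.vir Win32/Adware.Virtumonde application 27485B9DF921C54FC59C4E1A046FDD81
"""

# path (may contain spaces)   detection-name   kind   32-hex MD5
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<name>\S+)\s+(?P<kind>\S+)\s+(?P<md5>[0-9A-Fa-f]{32})$")

# Assumption: these are the only quarantine folders on the box (the ComboFix
# and Killbox folders silver asks to have deleted in reply #11).
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\!killbox\\")


def is_quarantined(path):
    return path.lower().startswith(QUARANTINE_PREFIXES)


def parse_eset_log(text):
    """Split the log into header metadata ('# key=value') and detection records."""
    meta, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            meta[key.strip()] = value.strip()
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised detection line: {line!r}")
        hits.append({"path": m["path"], "name": m["name"], "kind": m["kind"],
                     "md5": m["md5"].upper(), "quarantined": is_quarantined(m["path"])})
    return meta, hits


def found_count_matches(meta, hits):
    """Cross-check the scanner's own '# found=' count against what was parsed,
    so a truncated paste cannot silently hide detections."""
    return meta.get("found") == str(len(hits))


def base_name(path):
    # Killbox numbers duplicate copies as 'x.dll( 1)'; drop that suffix so the
    # copies compare equal by name.
    return re.sub(r"\(\s*\d+\)$", "", path.rsplit("\\", 1)[-1])


def triage(hits):
    by_md5, live = defaultdict(list), []
    for h in hits:
        by_md5[h["md5"]].append(h["path"])
        if not h["quarantined"]:
            live.append(h["path"])
    # Same digest under several different names: one DLL dropped repeatedly
    # under random names, which is the pattern the Virtumonde entries show.
    # An all-zero digest (the archive member in this log) carries no information.
    renamed = {md5: paths for md5, paths in by_md5.items()
               if md5.strip("0") and len({base_name(p) for p in paths}) > 1}
    return {"live": live, "by_md5": dict(by_md5), "renamed_copies": renamed}


if __name__ == "__main__":
    meta, hits = parse_eset_log(SAMPLE_LOG)
    print(f"parsed {len(hits)} detections (scanner says {meta.get('found')})")
    result = triage(hits)
    for path in result["live"]:
        print("still outside quarantine:", path)
    for md5, paths in result["renamed_copies"].items():
        print(f"{md5}: identical content under {len(paths)} different names")
```

On this log the only live hits are the two decert3.exe copies, which is exactly what silver singles out in the next reply, and one digest (27485B9D...) appears under seven different random file names in quarantine, which tells the reviewer those were one dropped component rather than seven separate infections.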

#9 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 02 December 2007 - 08:16 PM

Hi manolo bleu,

ESET has found some leftovers we need to clean, and it has also flagged a program called decert3(.exe) - do you know anything about this program?

Please upload a file for scanning:
Open http://virusscan.jotti.org/
Copy/paste this file and path into the white box at the top:

C:\Program Files\Nunlock\Decert3\decert3.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Note: If Jotti is busy, you can use VirusTotal instead.

Apart from the above and a little tidying up, things look pretty good - how is your machine running now?
ASAP & UNITE Member

#10 manolo bleu

manolo bleu

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 02 December 2007 - 09:50 PM

That's funny. Decert was a file I used on my old Nextel i95. I'll scan the file anyway but it is definitely a file I can live without. Other than that my comp feels like new.

#11 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 02 December 2007 - 10:10 PM

Hi manolo bleu,

I'm not sure it's actually malware; that's why I wanted you to upload it for checking - however, if the program is not necessary then there's no need to upload it - just delete it:
Please open My Documents, from there open the 930 folder and delete the program file decert3.exe
Then delete ComboFix.exe, startupreg.txt, runme.bat and bunny.exe (VirtumundoBeGone) from your Desktop

Then use Windows Explorer (right-click Start, select Explore) to find and delete the following folders:

C:\!KillBox
C:\qoobox

and the following file:

C:\Program Files\Nunlock\Decert3\decert3.exe


Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Press OK and Yes to confirm

Re-enable Spy Sweeper
  • Open Spysweeper and click on Options > Program Options and check Load at Windows Startup
  • On the left click Shields and then check everything there
  • Check Home Page Shield
  • Check Automatically restore default without notification
  • Exit the program

Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

If all that went well I think your machine is clean of malware :) here are some tips to help you keep it that way:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule

You have good protection software installed however please ensure it is kept up to date. Check that your antivirus and antispyware programs are set to automatically update themselves daily, and that your firewall is the latest version.

Spywareblaster is a free program which prevents the download and installation of Internet Explorer ActiveX based malware by immunizing your system against it. You can download Spywareblaster from here and a tutorial to help you get started is available here.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member

#12 manolo bleu

manolo bleu

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 03 December 2007 - 05:47 PM

Everything is perfect and I am eternally grateful for your time and efforts. I am going to follow that link to those classes on my next day off and hope to be joining the team so that I can help others as you have helped me. Manolo

#13 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 03 December 2007 - 07:42 PM

You're most welcome :) There are a lot of victims out there and not enough trained helpers so we all would like to see you on the team. Hopefully I'll see you around the classroom!
ASAP & UNITE Member

#14 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 06 December 2007 - 09:36 PM

Double post

Edited by silver, 06 December 2007 - 09:36 PM.

ASAP & UNITE Member

#15 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 06 December 2007 - 09:36 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
