[Closed] BASELINE



#1 obsessed (New Member, 5 posts)

Posted 29 November 2007 - 01:03 AM

My computer is infected with some sort of virus. I have Internet Speed Monitor when I access Google; also, when I search on Google and click a link, it redirects me to "pop up style" websites. My computer is VERY slow, and Java seems to kick off easily. It takes a long time to load, Internet Speed Monitor has a lot of pop-ups, and Windows says that my virtual memory is full, which is not possible, I don't have many things on here. Please help me, I'm a newbie so I'm clueless on what to do!


Logfile of HijackThis v1.99.1
Scan saved at 1:59:01 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\CdaC14BA.exe
C:\WINDOWS\mmall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\WINDOWS\mmall.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\RegSweep\RegSweep.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\mmc2.bin
C:\Program Files\AIM6\anotify.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jdmuniver...rums/usercp.php
F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {86B87FE6-8EE2-4BCE-BEDB-483A9F2D42AE} - C:\WINDOWS\system32\dmstyl.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RegSweep] C:\Program Files\RegSweep\RegSweep.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [Metamail Inc] C:\WINDOWS\CdaC14BA.exe
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: dplaysvr.dll
O21 - SSODL: sMXWGVukbX - {606A9EA5-CAC0-340F-EE61-6D5A79CB5224} - C:\WINDOWS\system32\mzf.dll
O21 - SSODL: E404Helper - {c70357af-15fb-4214-9435-3beca9a19647} - e404d.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Edited by obsessed, 29 November 2007 - 11:51 PM.
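As an added example that is not part of this thread, here is a small Python triage script that parses a few O2/O4/O20/O21 lines copied from the HijackThis log above and flags the entries a helper would research first: autostarts living directly in the Windows folder, nameless BHOs, registered names that look machine-generated, file names one character away from a core Windows binary (the ctfmona.exe next to ctfmon.exe pattern), registrations whose file is missing, and anything in AppInit_DLLs. The heuristics, the vowel-ratio threshold and the list of system binary names are my own assumptions, not HijackThis rules; a flag means "look this up", not "this is malware".

```python
import ntpath
import re
from dataclasses import dataclass, field

# Sample input: a few lines copied from the HijackThis log posted above (not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {86B87FE6-8EE2-4BCE-BEDB-483A9F2D42AE} - C:\WINDOWS\system32\dmstyl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O20 - AppInit_DLLs: dplaysvr.dll
O21 - SSODL: sMXWGVukbX - {606A9EA5-CAC0-340F-EE61-6D5A79CB5224} - C:\WINDOWS\system32\mzf.dll
O21 - SSODL: E404Helper - {c70357af-15fb-4214-9435-3beca9a19647} - e404d.dll (file missing)
"""

@dataclass
class Entry:
    section: str        # HijackThis section code: O2, O4, O20, O21
    name: str           # Run value name, BHO name, SSODL name, or the DLL itself for O20
    path: str           # file the entry points at, as written in the log
    missing: bool = False
    hive: str = ""      # HKLM / HKCU for O4 lines only

@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)

LINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CLSID_RE = re.compile(r"^(?:BHO|SSODL): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O20_RE = re.compile(r"^AppInit_DLLs: (?P<path>.*)$")
# The first thing ending in .exe/.dll/.bin is the target; anything after it is arguments.
CMD_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|bin))"?(?:\s.*)?$', re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)
# Assumed (not from HijackThis): core binaries whose names get imitated.
SYSTEM_NAMES = {"ctfmon", "svchost", "explorer", "winlogon", "services",
                "lsass", "csrss", "smss", "spoolsv"}
VOWELS = set("aeiouAEIOU")

def parse_hjt(text):
    """Turn O2/O4/O20/O21 lines into Entry objects; other sections are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        missing = body.endswith("(file missing)")
        if missing:
            body = body[: -len("(file missing)")].rstrip()
        if sec == "O4" and (m4 := O4_RE.match(body)):
            mc = CMD_RE.match(m4.group("cmd"))
            path = mc.group("path") if mc else m4.group("cmd")
            entries.append(Entry(sec, m4.group("name"), path, missing, m4.group("hive")))
        elif sec in ("O2", "O21") and (m2 := CLSID_RE.match(body)):
            entries.append(Entry(sec, m2.group("name"), m2.group("path"), missing))
        elif sec == "O20" and (m20 := O20_RE.match(body)):
            entries.append(Entry(sec, m20.group("path"), m20.group("path"), missing))
    return entries

def looks_random(name):
    """Assumed heuristic: long mixed-case names with almost no vowels (sMXWGVukbX)."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    mixed = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    return vowel_ratio < 0.2 and mixed

def one_edit_away(a, b):
    """True when a becomes b with exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
        else:
            edits += 1
            if edits > 1:
                return False
            if len(a) == len(b):
                i += 1
        j += 1
    return True

def triage(entries):
    """Attach a list of reasons to every entry that deserves a closer look."""
    findings = []
    for e in entries:
        reasons = []
        stem = ntpath.splitext(ntpath.basename(e.path))[0].lower()
        if e.missing:
            reasons.append("points at a file that no longer exists")
        if e.section == "O4" and WINDOWS_ROOT_RE.match(e.path):
            reasons.append("autostart target sits directly in the Windows folder")
        if e.name == "(no name)":
            reasons.append("registered without a name")
        if looks_random(e.name):
            reasons.append("registered name looks machine-generated")
        if any(one_edit_away(stem, known) for known in SYSTEM_NAMES):
            reasons.append("file name is one character away from a system binary")
        if e.section == "O20":
            reasons.append("AppInit_DLLs is loaded into every process that uses user32")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.entry.section} [{f.entry.name}] {f.entry.path}: {'; '.join(f.reasons)}")
```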


#2 Scotty (Always Happy; Authentic Member, 3,634 posts)

Posted 30 November 2007 - 10:47 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.


  • You have word wrap turned on; this is making your logs difficult to read.
  • Run Notepad.
  • Go to Format and untick Word Wrap.



Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.

#3 obsessed (New Member, 5 posts)

Posted 01 December 2007 - 01:35 AM

Thank you so much for helping me out. I think I got whatcha need.... I think I undid the word wrap thing too.

Adobe Flash Player ActiveX
Adobe Reader 7.0
AIM 6
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
CD/DVD Drive Acoustic Silencer
Cda Product Service - shared component
DesignWorkshop Lite
Digimax Master
DVD-RAM Driver
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Internet Speed Monitor
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 2
Java™ 6 Update 3
LimeWire 4.10.9
Macromedia Flash Player 8
McAfee SecurityCenter
McAfee VirusScan
Metamail (Toshiba Registration Utility)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MySpaceIM
Office 2003 Trial Assistant
Panda ActiveScan
QuickTime
RealPlayer Basic
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
RegCure 1.3.0.2
RegistrySmart
RegSweep
Samsung USB Driver
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Sonic DLA
Sonic RecordNow!
Synaptics Pointing Device Driver
The Weather Channel Desktop
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Media Player
Weather Services
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

#4 Scotty (Always Happy; Authentic Member, 3,634 posts)

Posted 01 December 2007 - 10:11 AM

Hi

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WeatherBug, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


I see that Viewpoint is installed. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Viewpoint Media Player, click Remove.


Delete the older versions of Java.
Please follow these steps to remove older version Java components.
  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check this item J2SE Runtime Environment 5.0 Update 4.
  • Click the Remove or Change/Remove button.
  • Repeat for this version Java™ 6 Update 2.
  • Reboot your computer once the Java components are removed.

Do not remove Java™ 6 Update 3; that is the latest version.


Download and Save ComboFix
  • Download this file from below: Here
  • Save it to your Desktop.
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Click Start > Run, copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), use the Processes tab and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run


#5 obsessed (New Member, 5 posts)

Posted 02 December 2007 - 01:56 AM

Okay, I think I got it all. Here is the ComboFix....

ComboFix 07-12-02.5 - Jarrod 2007-12-01 2:33:24.1 - NTFSx86
Running from: C:\Documents and Settings\Jarrod\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\D.tmp
C:\Documents and Settings\Jarrod\Application Data\install_en[1].exe
C:\Documents and Settings\Jarrod\Application Data\macromedia\Flash Player\#SharedObjects\GZEXBUGL\www.broadcaster.com
C:\Documents and Settings\Jarrod\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jarrod\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Jarrod\Local Settings\Application Data.\n.ini
C:\Documents and Settings\Jarrod\Local Settings\Application Data\n.ini
C:\Documents and Settings\Jarrod\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Jarrod\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Jarrod\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Santanna\Application Data\macromedia\Flash Player\#SharedObjects\Y9A9FJ72\www.broadcaster.com
C:\Documents and Settings\Santanna\Application Data\macromedia\Flash Player\#SharedObjects\Y9A9FJ72\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Santanna\Application Data\macromedia\Flash Player\#SharedObjects\Y9A9FJ72\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Santanna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Santanna\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\E.tmp
C:\F.tmp
C:\Program Files\ComPlus Applications\mevoxuj83122.dll
C:\Program Files\ISM
C:\Program Files\ISM\archupd.exe
C:\Program Files\ISM\BndDrive6.dll
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\License_Manager
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack10.exe
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\QdrPack\zhydupd.exe
C:\Program Files\sstem3~1
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\temp\tn3
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\a1\dnslook11.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\dmstyl.dll
C:\WINDOWS\system32\drivers\najwequn.dat
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\g2\bemwdll3.exe
C:\WINDOWS\system32\i2
C:\WINDOWS\system32\i2\mper83122.exe
C:\WINDOWS\system32\n8
C:\WINDOWS\system32\n8\ensts2dll.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa13yy
C:\WINDOWS\system32\rMa13yy\rMa13yy2218.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DRIVER
-------\LEGACY_VFIRQRPI
-------\vfirqrpi


((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-01 02:31 . 2007-12-01 02:31 3,103 --a------ C:\WINDOWS\428-3-645TX.jpg
2007-12-01 02:21 . 2007-12-01 02:21 2,969 --a------ C:\WINDOWS\424-nre4rc.jpg
2007-12-01 02:21 . 2007-12-01 02:21 2,747 --a------ C:\WINDOWS\427-Jpwzsz.jpg
2007-12-01 02:21 . 2007-12-01 02:21 2,555 --a------ C:\WINDOWS\423-wKH8.jpg
2007-12-01 02:21 . 2007-12-01 02:21 2,508 --a------ C:\WINDOWS\425-2pVc6.jpg
2007-12-01 02:21 . 2007-12-01 02:21 2,180 --a------ C:\WINDOWS\426-BuL.jpg
2007-12-01 02:20 . 2007-12-01 02:20 3,184 --a------ C:\WINDOWS\419-B-pV68A.jpg
2007-12-01 02:20 . 2007-12-01 02:20 3,035 --a------ C:\WINDOWS\422-rTyK8.jpg
2007-12-01 02:20 . 2007-12-01 02:20 2,996 --a------ C:\WINDOWS\420-u4VT3p.jpg
2007-12-01 02:20 . 2007-12-01 02:20 2,156 --a------ C:\WINDOWS\421-4pLsL.jpg
2007-12-01 02:19 . 2007-12-01 02:19 3,420 --a------ C:\WINDOWS\417-6FwF88.jpg
2007-12-01 02:19 . 2007-12-01 02:19 3,420 --a------ C:\WINDOWS\416-dXdw4n.jpg
2007-12-01 02:19 . 2007-12-01 02:19 2,317 --a------ C:\WINDOWS\418-2pz7.jpg
2007-12-01 02:18 . 2007-12-01 02:18 3,457 --a------ C:\WINDOWS\415-68MHw.jpg
2007-12-01 02:18 . 2007-12-01 02:18 3,456 --a------ C:\WINDOWS\413-K3F7-GwA.jpg
2007-12-01 02:18 . 2007-12-01 02:18 2,955 --a------ C:\WINDOWS\414-sdzMy2.jpg
2007-12-01 02:18 . 2007-12-01 02:18 2,278 --a------ C:\WINDOWS\412-yLnzc.jpg
2007-12-01 02:17 . 2007-12-01 02:17 3,185 --a------ C:\WINDOWS\408-JJLuJ7.jpg
2007-12-01 02:17 . 2007-12-01 02:17 3,173 --a------ C:\WINDOWS\409-Xn-c4cX.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,840 --a------ C:\WINDOWS\407-3eGwc.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,656 --a------ C:\WINDOWS\405-3rzcG.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,559 --a------ C:\WINDOWS\406-y-7cV.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,440 --a------ C:\WINDOWS\410-8e6u4.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,266 --a------ C:\WINDOWS\411-X64H.jpg
2007-12-01 02:16 . 2007-12-01 02:16 3,253 --a------ C:\WINDOWS\399-GH7LpK.jpg
2007-12-01 02:16 . 2007-12-01 02:16 3,049 --a------ C:\WINDOWS\398-HT3r7d.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,933 --a------ C:\WINDOWS\396-n4dyK.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,908 --a------ C:\WINDOWS\403-nrepnu6.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,835 --a------ C:\WINDOWS\395-BBc-yX.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,668 --a------ C:\WINDOWS\401-T7r7AF.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,582 --a------ C:\WINDOWS\397-XJsA2.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,481 --a------ C:\WINDOWS\400-3yw7.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,246 --a------ C:\WINDOWS\404-Xc7.jpg
2007-12-01 02:16 . 2007-12-01 02:16 2,050 --a------ C:\WINDOWS\402-F7dz.jpg
2007-12-01 02:15 . 2007-12-01 02:15 3,610 --a------ C:\WINDOWS\393-TwAw8G.jpg
2007-12-01 02:15 . 2007-12-01 02:15 3,166 --a------ C:\WINDOWS\389-4MV3d5.jpg
2007-12-01 02:15 . 2007-12-01 02:15 3,138 --a------ C:\WINDOWS\392-cVrwKG.jpg
2007-12-01 02:15 . 2007-12-01 02:15 2,668 --a------ C:\WINDOWS\394-d6sd-p.jpg
2007-12-01 02:15 . 2007-12-01 02:15 2,289 --a------ C:\WINDOWS\390-64F2.jpg
2007-12-01 02:15 . 2007-12-01 02:15 2,287 --a------ C:\WINDOWS\391-p4cz4.jpg
2007-12-01 02:14 . 2007-12-01 02:14 3,558 --a------ C:\WINDOWS\380-dLyBrp6.jpg
2007-12-01 02:14 . 2007-12-01 02:14 3,244 --a------ C:\WINDOWS\387-7MuwHs.jpg
2007-12-01 02:14 . 2007-12-01 02:14 3,215 --a------ C:\WINDOWS\386-VrT8BL.jpg
2007-12-01 02:14 . 2007-12-01 02:14 2,751 --a------ C:\WINDOWS\388-88rrsz.jpg
2007-12-01 02:14 . 2007-12-01 02:14 2,471 --a------ C:\WINDOWS\383-s-75zw.jpg
2007-12-01 02:14 . 2007-12-01 02:14 2,412 --a------ C:\WINDOWS\381-7drd.jpg
2007-12-01 02:14 . 2007-12-01 02:14 2,212 --a------ C:\WINDOWS\382-3pT7.jpg
2007-12-01 02:14 . 2007-12-01 02:14 2,180 --a------ C:\WINDOWS\385-cBcM.jpg
2007-12-01 02:14 . 2007-12-01 02:14 1,757 --a------ C:\WINDOWS\384-4737.jpg
2007-12-01 02:12 . 2007-12-01 02:12 3,430 --a------ C:\WINDOWS\362-pM3r6n.jpg
2007-12-01 02:12 . 2007-12-01 02:12 3,201 --a------ C:\WINDOWS\365-V3GJes.jpg
2007-12-01 02:12 . 2007-12-01 02:12 3,026 --a------ C:\WINDOWS\364-F75Gu.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,882 --a------ C:\WINDOWS\367-cpB7p7.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,867 --a------ C:\WINDOWS\363-GepMr.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,706 --a------ C:\WINDOWS\358-uJ4rre7.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,656 --a------ C:\WINDOWS\360-uuFr.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,566 --a------ C:\WINDOWS\357-32Bc.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,463 --a------ C:\WINDOWS\359-3uA6w.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,458 --a------ C:\WINDOWS\366-cw----uA.jpg
2007-12-01 02:12 . 2007-12-01 02:12 2,325 --a------ C:\WINDOWS\361-Hu4B4.jpg
2007-12-01 02:11 . 2007-12-01 02:11 3,182 --a------ C:\WINDOWS\349-Gw67B-G.jpg
2007-12-01 02:11 . 2007-12-01 02:11 3,111 --a------ C:\WINDOWS\348-5Xedd.jpg
2007-12-01 02:11 . 2007-12-01 02:11 2,726 --a------ C:\WINDOWS\353-Gec4.jpg
2007-12-01 02:11 . 2007-12-01 02:11 2,695 --a------ C:\WINDOWS\351-BV2yw.jpg
2007-12-01 02:11 . 2007-12-01 02:11 2,535 --a------ C:\WINDOWS\352-ep4V7.jpg
2007-12-01 02:11 . 2007-12-01 02:11 2,358 --a------ C:\WINDOWS\355-d7M.jpg
2007-12-01 02:11 . 2007-12-01 02:11 2,217 --a------ C:\WINDOWS\354-wd37.jpg
2007-12-01 02:11 . 2007-12-01 02:11 2,037 --a------ C:\WINDOWS\350-dBw-d.jpg
2007-12-01 02:11 . 2007-12-01 02:11 1,960 --a------ C:\WINDOWS\356-zrA.jpg
2007-12-01 02:10 . 2007-12-01 02:10 3,490 --a------ C:\WINDOWS\343-dp5--7Tw.jpg
2007-12-01 02:10 . 2007-12-01 02:10 3,442 --a------ C:\WINDOWS\347-nT2r6.jpg
2007-12-01 02:10 . 2007-12-01 02:10 3,202 --a------ C:\WINDOWS\338-dBHH.jpg
2007-12-01 02:10 . 2007-12-01 02:10 3,123 --a------ C:\WINDOWS\341-pB4MB.jpg
2007-12-01 02:10 . 2007-12-01 02:10 3,118 --a------ C:\WINDOWS\346-FL36ny.jpg
2007-12-01 02:10 . 2007-12-01 02:10 2,675 --a------ C:\WINDOWS\344-84Hy7.jpg
2007-12-01 02:10 . 2007-12-01 02:10 2,664 --a------ C:\WINDOWS\345-5z73wL.jpg
2007-12-01 02:10 . 2007-12-01 02:10 2,489 --a------ C:\WINDOWS\340-drs3K.jpg
2007-12-01 02:10 . 2007-12-01 02:10 2,365 --a------ C:\WINDOWS\342-wM4K.jpg
2007-12-01 02:10 . 2007-12-01 02:10 1,917 --a------ C:\WINDOWS\339-uTc4.jpg
2007-12-01 02:09 . 2007-12-01 02:09 3,543 --a------ C:\WINDOWS\335-45w8ds.jpg
2007-12-01 02:09 . 2007-12-01 02:09 3,276 --a------ C:\WINDOWS\334-4py3Xy.jpg
2007-12-01 02:09 . 2007-12-01 02:09 2,844 --a------ C:\WINDOWS\337-eTurnF.jpg
2007-12-01 02:09 . 2007-12-01 02:09 2,679 --a------ C:\WINDOWS\331-5Bw8J.jpg
2007-12-01 02:09 . 2007-12-01 02:09 2,633 --a------ C:\WINDOWS\332-44srB6.jpg
2007-12-01 02:09 . 2007-12-01 02:09 2,500 --a------ C:\WINDOWS\330-VKc6.jpg
2007-12-01 02:09 . 2007-12-01 02:09 2,462 --a------ C:\WINDOWS\333-nn7K2r.jpg
2007-12-01 02:09 . 2007-12-01 02:09 2,130 --a------ C:\WINDOWS\336-we52.jpg
2007-12-01 02:09 . 2007-12-01 02:09 1,799 --a------ C:\WINDOWS\329-2srr.jpg
2007-12-01 02:08 . 2007-12-01 02:08 3,229 --a------ C:\WINDOWS\322-BB64c.jpg
2007-12-01 02:08 . 2007-12-01 02:08 3,157 --a------ C:\WINDOWS\326-6HBr2y.jpg
2007-12-01 02:08 . 2007-12-01 02:08 2,845 --a------ C:\WINDOWS\325-edH88.jpg
2007-12-01 02:08 . 2007-12-01 02:08 2,675 --a------ C:\WINDOWS\327-5A77u.jpg
2007-12-01 02:08 . 2007-12-01 02:08 2,644 --a------ C:\WINDOWS\324-sJJs7r.jpg
2007-12-01 02:08 . 2007-12-01 02:08 2,116 --a------ C:\WINDOWS\321-TXA8.jpg
2007-12-01 02:08 . 2007-12-01 02:08 2,032 --a------ C:\WINDOWS\323-zcVs.jpg
2007-12-01 02:08 . 2007-12-01 02:08 2,013 --a------ C:\WINDOWS\328-Lz7--sd.jpg
2007-12-01 02:07 . 2007-12-01 02:07 3,322 --a------ C:\WINDOWS\312-zKVVez.jpg
2007-12-01 02:07 . 2007-12-01 02:07 3,269 --a------ C:\WINDOWS\316-u7s--yn.jpg
2007-12-01 02:07 . 2007-12-01 02:07 2,766 --a------ C:\WINDOWS\318-AzTK.jpg
2007-12-01 02:07 . 2007-12-01 02:07 2,699 --a------ C:\WINDOWS\320-en8nT.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 09:17 --------- d-----w C:\Program Files\RegSweep
2007-12-01 09:12 --------- d-----w C:\Program Files\Java
2007-12-01 09:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-01 09:06 --------- d-----w C:\Program Files\MySpace
2007-12-01 09:01 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-27 21:04 --------- d-----w C:\Program Files\LimeWire
2007-11-25 10:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-25 10:50 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-06 09:14 2,416 ----a-w C:\Documents and Settings\Administrator\GetPaths.vbs
2007-03-31 08:16 1,708 ----a-w C:\Documents and Settings\Jarrod\Application Data\wklnhst.dat
2006-07-12 19:40 162 ----a-w C:\Documents and Settings\Jerry\Application Data\wklnhst.dat
2005-08-03 00:46 187,904 --sha-r C:\WINDOWS\SmFycm9k\asappsrv.dll
2005-08-03 00:58 293,888 --sha-r C:\WINDOWS\SmFycm9k\command.exe
2005-07-30 00:24 472 --sha-r C:\WINDOWS\SmFycm9k\mAIVwA64.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEADB2EC-7AEA-4374-A769-5A78817A6107}]
2007-11-29 19:38 523264 --a------ C:\WINDOWS\system32\tdlRMS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}]
2007-04-02 07:42 684032 --a------ C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"= C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll [2007-04-02 07:42 684032]

[HKEY_CLASSES_ROOT\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"= C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll [2007-04-02 07:42 684032]

[HKEY_CLASSES_ROOT\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 00:40]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Microsoft all"="C:\WINDOWS\mmall.exe" [2007-11-21 00:47]
"QdrPack10"="C:\Program Files\QdrPack\QdrPack10.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 11:14 C:\WINDOWS\RTHDCPL.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 15:28]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 15:26]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 13:07]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 10:24]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-19 07:57]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 05:10]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 10:52]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-04 20:10]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 20:10]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" []
"Metamail Inc"="C:\WINDOWS\CdaC14BA.exe" [2007-11-17 00:21]
"Microsoft all"="C:\WINDOWS\mmall.exe" [2007-11-21 00:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\Jarrod\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 13:55:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 19:20:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sMXWGVukbX"= {606A9EA5-CAC0-340F-EE61-6D5A79CB5224} - C:\WINDOWS\system32\mzf.dll [2006-11-17 00:21 14848]
"E404Helper"= {c70357af-15fb-4214-9435-3beca9a19647} - e404d.dll [ ]

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 08:31:23 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Jarrod.Runs RegistrySmart to optimize your registry.
"2007-12-01 08:31:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 02:43:24
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\tdlserv]
"ImagePath"="\??\globalroot\systemroot\system32\drivers\tdlserv.sys"
.
Completion time: 2007-12-02 2:46:14
.
--- E O F ---





here is the hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:52:38 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\CdaC14BA.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mmall.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\mmgr.exe
C:\WINDOWS\mmregalka.exe
C:\WINDOWS\mmc2.bin
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jdmuniver...rums/usercp.php
F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CEADB2EC-7AEA-4374-A769-5A78817A6107} - C:\WINDOWS\system32\tdlRMS.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [Metamail Inc] C:\WINDOWS\CdaC14BA.exe
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O21 - SSODL: sMXWGVukbX - {606A9EA5-CAC0-340F-EE61-6D5A79CB5224} - C:\WINDOWS\system32\mzf.dll
O21 - SSODL: E404Helper - {c70357af-15fb-4214-9435-3beca9a19647} - e404d.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#6 Scotty (Always Happy; Authentic Member, 3,634 posts)

Posted 02 December 2007 - 04:41 PM

Hi, I'm just wondering if you know anything about these pictures in the Windows folder? Example: C:\WINDOWS\428-3-645TX.jpg
You too could train to help others- Join the Classroom

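Scotty picked the run of numbered .jpg files in C:\WINDOWS out of the ComboFix listing by eye. The Python below is an added example (not part of the thread and not ComboFix code) that does the same thing mechanically: it parses lines in the "files created" format ComboFix printed above, groups small files by directory and extension, and reports any group in which many files appeared within a few minutes. The sample input is constructed from a dozen lines copied from the log above plus two made-up lines (a directory entry and a large executable) for contrast; the thresholds (15-minute window, 10 files, 8 KB) are assumptions chosen for the example, not values ComboFix uses.

```python
"""Flag a burst of small, sequentially numbered files dropped into one directory,
working from ComboFix's "files created" listing (added example, not ComboFix code)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# One ComboFix "files created" line:  created . modified size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)

# Constructed sample: twelve lines copied from the log earlier in this thread,
# plus a directory entry and a large executable (both made up here) for contrast.
SAMPLE_LOG = r"""
2007-12-01 02:19 . 2007-12-01 02:19 3,420 --a------ C:\WINDOWS\417-6FwF88.jpg
2007-12-01 02:19 . 2007-12-01 02:19 3,420 --a------ C:\WINDOWS\416-dXdw4n.jpg
2007-12-01 02:19 . 2007-12-01 02:19 2,317 --a------ C:\WINDOWS\418-2pz7.jpg
2007-12-01 02:18 . 2007-12-01 02:18 3,457 --a------ C:\WINDOWS\415-68MHw.jpg
2007-12-01 02:18 . 2007-12-01 02:18 3,456 --a------ C:\WINDOWS\413-K3F7-GwA.jpg
2007-12-01 02:18 . 2007-12-01 02:18 2,955 --a------ C:\WINDOWS\414-sdzMy2.jpg
2007-12-01 02:18 . 2007-12-01 02:18 2,278 --a------ C:\WINDOWS\412-yLnzc.jpg
2007-12-01 02:17 . 2007-12-01 02:17 3,185 --a------ C:\WINDOWS\408-JJLuJ7.jpg
2007-12-01 02:17 . 2007-12-01 02:17 3,173 --a------ C:\WINDOWS\409-Xn-c4cX.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,840 --a------ C:\WINDOWS\407-3eGwc.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,656 --a------ C:\WINDOWS\405-3rzcG.jpg
2007-12-01 02:17 . 2007-12-01 02:17 2,559 --a------ C:\WINDOWS\406-y-7cV.jpg
2007-12-01 09:17 . 2007-12-01 09:17 <DIR> d-------- C:\Program Files\RegSweep
2007-12-01 09:12 . 2007-12-01 09:12 145,184 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
"""


def parse_created(text):
    """Return one record per regular file; directory lines and noise are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        records.append({
            "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return records


def find_drop_bursts(records, window=timedelta(minutes=15), min_count=10, max_size=8192):
    """Group small files by (directory, extension) and report every group in which
    at least `min_count` of them were created inside one `window`.
    The thresholds are assumptions chosen for this example."""
    groups = defaultdict(list)
    for rec in records:
        if rec["size"] > max_size:
            continue
        directory, _, name = rec["path"].rpartition("\\")
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        groups[(directory.lower(), ext)].append(rec)

    findings = []
    for (directory, ext), files in groups.items():
        files.sort(key=lambda rec: rec["created"])
        times = [rec["created"] for rec in files]
        densest, j = 0, 0
        for i in range(len(times)):          # sliding window over the sorted timestamps
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            densest = max(densest, j - i)
        if densest >= min_count:
            findings.append({
                "directory": directory, "ext": ext, "count": densest,
                "first": times[0], "last": times[-1],
                "median_size": median(rec["size"] for rec in files),
            })
    return findings


if __name__ == "__main__":
    for f in find_drop_bursts(parse_created(SAMPLE_LOG)):
        print(f"{f['count']} .{f['ext']} files of ~{f['median_size']:.0f} bytes in "
              f"{f['directory']} between {f['first']:%H:%M} and {f['last']:%H:%M}")
```

On the sample this reports one group: twelve .jpg files of roughly 3 KB each written to C:\WINDOWS inside three minutes. The listing says nothing about what the images contain; the poster's reading of them as CAPTCHAs is their own, and the script only shows that the burst is easy to surface without reading ninety lines by hand.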

#7 obsessed (New Member, 5 posts)

Posted 02 December 2007 - 11:51 PM

Wow, captchas... I have no clue how those got there, I haven't saved any. What does that mean? When I search Google, then click on a link, it directs me to another page, I think Internet Speed Monitor.

#8 Scotty (Always Happy; Authentic Member, 3,634 posts)

Posted 03 December 2007 - 05:29 PM

Hi

Let's try deleting them all.


Remember to disconnect from the Internet and disable your anti-virus before carrying out the next instruction, and to re-enable the anti-virus before reconnecting to the Internet.


Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

File::
C:\WINDOWS\428-3-645TX.jpg
C:\WINDOWS\424-nre4rc.jpg
C:\WINDOWS\427-Jpwzsz.jpg
C:\WINDOWS\423-wKH8.jpg
C:\WINDOWS\425-2pVc6.jpg
C:\WINDOWS\426-BuL.jpg
C:\WINDOWS\419-B-pV68A.jpg
C:\WINDOWS\422-rTyK8.jpg
C:\WINDOWS\420-u4VT3p.jpg
C:\WINDOWS\421-4pLsL.jpg
C:\WINDOWS\417-6FwF88.jpg
C:\WINDOWS\416-dXdw4n.jpg
C:\WINDOWS\418-2pz7.jpg
C:\WINDOWS\415-68MHw.jpg
C:\WINDOWS\413-K3F7-GwA.jpg
C:\WINDOWS\414-sdzMy2.jpg
C:\WINDOWS\412-yLnzc.jpg
C:\WINDOWS\408-JJLuJ7.jpg
C:\WINDOWS\409-Xn-c4cX.jpg
C:\WINDOWS\407-3eGwc.jpg
C:\WINDOWS\405-3rzcG.jpg
C:\WINDOWS\406-y-7cV.jpg
C:\WINDOWS\410-8e6u4.jpg
C:\WINDOWS\411-X64H.jpg
C:\WINDOWS\399-GH7LpK.jpg
C:\WINDOWS\398-HT3r7d.jpg
C:\WINDOWS\396-n4dyK.jpg
C:\WINDOWS\403-nrepnu6.jpg
C:\WINDOWS\395-BBc-yX.jpg
C:\WINDOWS\401-T7r7AF.jpg
C:\WINDOWS\397-XJsA2.jpg
C:\WINDOWS\400-3yw7.jpg
C:\WINDOWS\404-Xc7.jpg
C:\WINDOWS\402-F7dz.jpg
C:\WINDOWS\393-TwAw8G.jpg
C:\WINDOWS\389-4MV3d5.jpg
C:\WINDOWS\392-cVrwKG.jpg
C:\WINDOWS\394-d6sd-p.jpg
C:\WINDOWS\390-64F2.jpg
C:\WINDOWS\391-p4cz4.jpg
C:\WINDOWS\380-dLyBrp6.jpg
C:\WINDOWS\387-7MuwHs.jpg
C:\WINDOWS\386-VrT8BL.jpg
C:\WINDOWS\388-88rrsz.jpg
C:\WINDOWS\383-s-75zw.jpg
C:\WINDOWS\381-7drd.jpg
C:\WINDOWS\382-3pT7.jpg
C:\WINDOWS\385-cBcM.jpg
C:\WINDOWS\384-4737.jpg
C:\WINDOWS\362-pM3r6n.jpg
C:\WINDOWS\365-V3GJes.jpg
C:\WINDOWS\364-F75Gu.jpg
C:\WINDOWS\367-cpB7p7.jpg
C:\WINDOWS\363-GepMr.jpg
C:\WINDOWS\358-uJ4rre7.jpg
C:\WINDOWS\360-uuFr.jpg
C:\WINDOWS\357-32Bc.jpg
C:\WINDOWS\359-3uA6w.jpg
C:\WINDOWS\366-cw----uA.jpg
C:\WINDOWS\361-Hu4B4.jpg
C:\WINDOWS\349-Gw67B-G.jpg
C:\WINDOWS\348-5Xedd.jpg
C:\WINDOWS\353-Gec4.jpg
C:\WINDOWS\351-BV2yw.jpg
C:\WINDOWS\352-ep4V7.jpg
C:\WINDOWS\355-d7M.jpg
C:\WINDOWS\354-wd37.jpg
C:\WINDOWS\350-dBw-d.jpg
C:\WINDOWS\356-zrA.jpg
C:\WINDOWS\343-dp5--7Tw.jpg
C:\WINDOWS\347-nT2r6.jpg
C:\WINDOWS\338-dBHH.jpg
C:\WINDOWS\341-pB4MB.jpg
C:\WINDOWS\346-FL36ny.jpg
C:\WINDOWS\344-84Hy7.jpg
C:\WINDOWS\345-5z73wL.jpg
C:\WINDOWS\340-drs3K.jpg
C:\WINDOWS\342-wM4K.jpg
C:\WINDOWS\339-uTc4.jpg
C:\WINDOWS\335-45w8ds.jpg
C:\WINDOWS\334-4py3Xy.jpg
C:\WINDOWS\337-eTurnF.jpg
C:\WINDOWS\331-5Bw8J.jpg
C:\WINDOWS\332-44srB6.jpg
C:\WINDOWS\330-VKc6.jpg
C:\WINDOWS\333-nn7K2r.jpg
C:\WINDOWS\336-we52.jpg
C:\WINDOWS\329-2srr.jpg
C:\WINDOWS\322-BB64c.jpg
C:\WINDOWS\326-6HBr2y.jpg
C:\WINDOWS\325-edH88.jpg
C:\WINDOWS\327-5A77u.jpg
C:\WINDOWS\324-sJJs7r.jpg
C:\WINDOWS\321-TXA8.jpg
C:\WINDOWS\323-zcVs.jpg
C:\WINDOWS\328-Lz7--sd.jpg
C:\WINDOWS\312-zKVVez.jpg
C:\WINDOWS\316-u7s--yn.jpg
C:\WINDOWS\318-AzTK.jpg
C:\WINDOWS\320-en8nT.jpg 
C:\WINDOWS\mmall.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\CdaC14BA.exe
C:\WINDOWS\system32\mzf.dll

Folder::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINDOWS\SmFycm9k
C:\Program Files\SelectRebates

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEADB2EC-7AEA-4374-A769-5A78817A6107}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=-
[-HKEY_CLASSES_ROOT\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}]
[-HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}]
[-HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=-
[-HKEY_CLASSES_ROOT\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}]
[-HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}]
[-HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule9"=-
"Microsoft all"=-
"QdrPack10"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmona"=-
"Metamail Inc"=-
"Microsoft all"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sMXWGVukbX"=-
"E404Helper"= -
[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\tdlserv]

Driver::
tdlserv

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

[image: CFScript.txt being dragged onto ComboFix.exe]


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl+Alt+Del at the same time), use the Processes tab, and end any findstr, find, sed or swreg processes; then ComboFix should continue.
If that happens we want to know, and also which process you had to end.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply.


In your next reply post:
Report.txt
ComboFix.txt
New HJT log taken after the above scan has run

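The CFScript above is Scotty's hand-picked list of what to remove. As an added example (not code from the thread, HijackThis or ComboFix), the Python below parses HijackThis O2/O3/O4/O21/O23/F3 lines, pulls the on-disk path out of each, and flags the entries a reviewer would read first: a file that no longer exists, a binary sitting directly in C:\WINDOWS rather than in system32 or Program Files, a name within two edits of a binary that belongs on the machine (ctfmona.exe next to ctfmon.exe; CdaC14BA.exe next to C-Dilla's CDAC11BA.EXE, which the O23 list attributes to a named vendor), and one file registered at several autostart points (mmall.exe in win.ini, HKLM Run and HKCU Run). The sample input is a subset of the HijackThis log posted above; the core-name list and the edit-distance cutoff are assumptions made for the example.

```python
"""Triage HijackThis autostart lines: pull the on-disk path out of each O2/O3/O4/O21/
O23/F3 entry and flag the ones a reviewer should read first. Added example only."""
import re
from collections import Counter

HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.+)$")
RUN_VALUE = re.compile(r"(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
# First executable/library path in a Run value, quoted or not, with or without arguments.
CMD_PATH = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|dll|bin|scr|cpl))"?', re.I)
# Windows binaries whose names malware likes to imitate (assumed list for this example).
CORE_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
              "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe",
              "rundll32.exe", "wuauclt.exe"}

# Sample input: a subset of the HijackThis log posted earlier in this thread.
SAMPLE_HJT = r"""
F3 - REG:win.ini: run=C:\WINDOWS\mmall.exe
O2 - BHO: (no name) - {CEADB2EC-7AEA-4374-A769-5A78817A6107} - C:\WINDOWS\system32\tdlRMS.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [Metamail Inc] C:\WINDOWS\CdaC14BA.exe
O4 - HKLM\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft all] C:\WINDOWS\mmall.exe
O21 - SSODL: sMXWGVukbX - {606A9EA5-CAC0-340F-EE61-6D5A79CB5224} - C:\WINDOWS\system32\mzf.dll
O21 - SSODL: E404Helper - {c70357af-15fb-4214-9435-3beca9a19647} - e404d.dll (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
"""


def levenshtein(a, b):
    """Plain edit distance; inputs are short file names, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_path(path):
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def parse_hjt(text):
    """One record per autostart line: kind, service owner, path, missing flag, raw line."""
    records = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        missing = rest.endswith("(file missing)")
        rest = rest.replace("(file missing)", "").strip()
        owner = None
        if kind == "O4":
            rv = RUN_VALUE.match(rest)
            if not rv:                      # Startup-folder .lnk lines are not handled here
                continue
            pm = CMD_PATH.match(rv.group("cmd"))
            path = pm.group("path") if pm else rv.group("cmd")
        elif kind == "F3":
            path = rest.split("run=", 1)[-1]
        elif kind in ("O2", "O3", "O21", "O23"):
            parts = [p.strip() for p in rest.split(" - ")]
            path = parts[-1]
            if kind == "O23" and len(parts) >= 3:
                owner = parts[-2]
        else:
            continue
        records.append({"kind": kind, "owner": owner, "path": path,
                        "missing": missing, "raw": raw.strip()})
    return records


def triage(text):
    """Return only the records that trip at least one heuristic, with the reasons."""
    records = parse_hjt(text)
    # Names that belong on this box: the core list plus every service binary HJT
    # attributes to a named vendor; "Unknown owner" entries do not earn that trust.
    reference = set(CORE_NAMES)
    for rec in records:
        if rec["kind"] == "O23" and rec["owner"] and rec["owner"] != "Unknown owner":
            reference.add(split_path(rec["path"])[1])
    seen = Counter(split_path(rec["path"])[1] for rec in records)
    findings = []
    for rec in records:
        directory, name = split_path(rec["path"])
        reasons = []
        if rec["missing"]:
            reasons.append("file missing")
        if directory == r"c:\windows":   # Realtek's RTHDCPL.EXE lives here too: a prompt, not a verdict
            reasons.append("lives directly in C:\\WINDOWS")
        for ref in sorted(reference):
            same_ext = name.rsplit(".", 1)[-1] == ref.rsplit(".", 1)[-1]
            if name != ref and same_ext and levenshtein(name, ref) <= 2:
                reasons.append(f"lookalike of {ref}")
        if seen[name] >= 2:
            reasons.append(f"registered at {seen[name]} autostart points")
        if reasons:
            findings.append({"raw": rec["raw"], "path": rec["path"], "reasons": reasons})
    return findings
```

Run `triage(SAMPLE_HJT)` and six of the thirteen lines come back, all of them paths Scotty put in the File:: or Registry:: sections of the CFScript. Note what the heuristics miss: tdlRMS.dll sits in system32 under an unremarkable name and trips none of them; it only stands out when cross-referenced with the tdlserv service whose ImagePath ComboFix reported under \??\globalroot, and with the ZwOpenFile modification catchme flagged. Treat the output as a reading order for the log, not a verdict.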

#9 obsessed (New Member, 5 posts)

Posted 05 December 2007 - 10:31 AM

Report:



SDFix: Version 1.117

Run by Jarrod on Wed 12/05/2007 at 08:05 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Jarrod\Desktop\Unused Desktop Shortcuts\Error Cleaner.url - Deleted
C:\Documents and Settings\Jarrod\Desktop\Unused Desktop Shortcuts\Privacy Protector.url - Deleted
C:\WINDOWS\system32\CatRoot\TMP91.tmp - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 08:14:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x3688\x34c\x3688\x34c\1"
"DeviceDesc"="\x3688\x34c\x3688\x34c\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x574"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\chipset and display.temp\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 7 Aug 2006 30,720 ...HR --- "C:\WINDOWS\CdaC13BA.EXE"
Mon 7 Aug 2006 112,128 ...HR --- "C:\WINDOWS\CdaC14BA.DLL"
Sun 24 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!


cfscript:


ComboFix 07-12-02.5 - Jarrod 2007-12-04 22:14:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.79 [GMT -8:00]
Running from: C:\Documents and Settings\Jarrod\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jarrod\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\312-zKVVez.jpg
C:\WINDOWS\316-u7s--yn.jpg
C:\WINDOWS\318-AzTK.jpg
C:\WINDOWS\320-en8nT.jpg
C:\WINDOWS\321-TXA8.jpg
C:\WINDOWS\322-BB64c.jpg
C:\WINDOWS\323-zcVs.jpg
C:\WINDOWS\324-sJJs7r.jpg
C:\WINDOWS\325-edH88.jpg
C:\WINDOWS\326-6HBr2y.jpg
C:\WINDOWS\327-5A77u.jpg
C:\WINDOWS\328-Lz7--sd.jpg
C:\WINDOWS\329-2srr.jpg
C:\WINDOWS\330-VKc6.jpg
C:\WINDOWS\331-5Bw8J.jpg
C:\WINDOWS\332-44srB6.jpg
C:\WINDOWS\333-nn7K2r.jpg
C:\WINDOWS\334-4py3Xy.jpg
C:\WINDOWS\335-45w8ds.jpg
C:\WINDOWS\336-we52.jpg
C:\WINDOWS\337-eTurnF.jpg
C:\WINDOWS\338-dBHH.jpg
C:\WINDOWS\339-uTc4.jpg
C:\WINDOWS\340-drs3K.jpg
C:\WINDOWS\341-pB4MB.jpg
C:\WINDOWS\342-wM4K.jpg
C:\WINDOWS\343-dp5--7Tw.jpg
C:\WINDOWS\344-84Hy7.jpg
C:\WINDOWS\345-5z73wL.jpg
C:\WINDOWS\346-FL36ny.jpg
C:\WINDOWS\347-nT2r6.jpg
C:\WINDOWS\348-5Xedd.jpg
C:\WINDOWS\349-Gw67B-G.jpg
C:\WINDOWS\350-dBw-d.jpg
C:\WINDOWS\351-BV2yw.jpg
C:\WINDOWS\352-ep4V7.jpg
C:\WINDOWS\353-Gec4.jpg
C:\WINDOWS\354-wd37.jpg
C:\WINDOWS\355-d7M.jpg
C:\WINDOWS\356-zrA.jpg
C:\WINDOWS\357-32Bc.jpg
C:\WINDOWS\358-uJ4rre7.jpg
C:\WINDOWS\359-3uA6w.jpg
C:\WINDOWS\360-uuFr.jpg
C:\WINDOWS\361-Hu4B4.jpg
C:\WINDOWS\362-pM3r6n.jpg
C:\WINDOWS\363-GepMr.jpg
C:\WINDOWS\364-F75Gu.jpg
C:\WINDOWS\365-V3GJes.jpg
C:\WINDOWS\366-cw----uA.jpg
C:\WINDOWS\367-cpB7p7.jpg
C:\WINDOWS\380-dLyBrp6.jpg
C:\WINDOWS\381-7drd.jpg
C:\WINDOWS\382-3pT7.jpg
C:\WINDOWS\383-s-75zw.jpg
C:\WINDOWS\384-4737.jpg
C:\WINDOWS\385-cBcM.jpg
C:\WINDOWS\386-VrT8BL.jpg
C:\WINDOWS\387-7MuwHs.jpg
C:\WINDOWS\388-88rrsz.jpg
C:\WINDOWS\389-4MV3d5.jpg
C:\WINDOWS\390-64F2.jpg
C:\WINDOWS\391-p4cz4.jpg
C:\WINDOWS\392-cVrwKG.jpg
C:\WINDOWS\393-TwAw8G.jpg
C:\WINDOWS\394-d6sd-p.jpg
C:\WINDOWS\395-BBc-yX.jpg
C:\WINDOWS\396-n4dyK.jpg
C:\WINDOWS\397-XJsA2.jpg
C:\WINDOWS\398-HT3r7d.jpg
C:\WINDOWS\399-GH7LpK.jpg
C:\WINDOWS\400-3yw7.jpg
C:\WINDOWS\401-T7r7AF.jpg
C:\WINDOWS\402-F7dz.jpg
C:\WINDOWS\403-nrepnu6.jpg
C:\WINDOWS\404-Xc7.jpg
C:\WINDOWS\405-3rzcG.jpg
C:\WINDOWS\406-y-7cV.jpg
C:\WINDOWS\407-3eGwc.jpg
C:\WINDOWS\408-JJLuJ7.jpg
C:\WINDOWS\409-Xn-c4cX.jpg
C:\WINDOWS\410-8e6u4.jpg
C:\WINDOWS\411-X64H.jpg
C:\WINDOWS\412-yLnzc.jpg
C:\WINDOWS\413-K3F7-GwA.jpg
C:\WINDOWS\414-sdzMy2.jpg
C:\WINDOWS\415-68MHw.jpg
C:\WINDOWS\416-dXdw4n.jpg
C:\WINDOWS\417-6FwF88.jpg
C:\WINDOWS\418-2pz7.jpg
C:\WINDOWS\419-B-pV68A.jpg
C:\WINDOWS\420-u4VT3p.jpg
C:\WINDOWS\421-4pLsL.jpg
C:\WINDOWS\422-rTyK8.jpg
C:\WINDOWS\423-wKH8.jpg
C:\WINDOWS\424-nre4rc.jpg
C:\WINDOWS\425-2pVc6.jpg
C:\WINDOWS\426-BuL.jpg
C:\WINDOWS\427-Jpwzsz.jpg
C:\WINDOWS\428-3-645TX.jpg
C:\WINDOWS\CdaC14BA.exe
C:\WINDOWS\mmall.exe
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\mzf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\SelectRebates
C:\Program Files\SelectRebates\FFToolbar\chrome.manifest
C:\Program Files\SelectRebates\FFToolbar\chrome\content\options.js
C:\Program Files\SelectRebates\FFToolbar\chrome\content\options.xul
C:\Program Files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.js
C:\Program Files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.xul
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\contents.rdf
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.properties
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\3rdParty.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\add-folderplus.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\add-plussign.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\alert-blue.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\alert-red.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\bluebar.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\dollarsign.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\FindWords.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\gripper.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\icon-magnifying.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\invite.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\invite2.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-blue.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-gray.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-green.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-red.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Options.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\S.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-logotext.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v1.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v2.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\sahtoolbar.css
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Search.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\shoppingcart.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\singleperson.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\star.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\thumb2.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Thumbs.db
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\toolbar-images-ALL.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Toolbar_HelpAndFeedback.png
C:\Program Files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
C:\Program Files\SelectRebates\FFToolbar\fftoolbar.reg
C:\Program Files\SelectRebates\FFToolbar\install.rdf
C:\Program Files\SelectRebates\SahImages\bg-gradient.gif
C:\Program Files\SelectRebates\SahImages\button-close.gif
C:\Program Files\SelectRebates\SahImages\sah-logopop.gif
C:\Program Files\SelectRebates\SelectAlerts.dat
C:\Program Files\SelectRebates\SelectRebates.ini
C:\Program Files\SelectRebates\SelectRebatesA.dat
C:\Program Files\SelectRebates\SelectRebatesApi.exe
C:\Program Files\SelectRebates\SelectRebatesApi.ini
C:\Program Files\SelectRebates\SelectRebatesB.dat
C:\Program Files\SelectRebates\SelectRebatesBT.dat
C:\Program Files\SelectRebates\SelectRebatesUninstall.ini
C:\Program Files\SelectRebates\Toolbar\Add.bmp
C:\Program Files\SelectRebates\Toolbar\AdvancedOptions.html
C:\Program Files\SelectRebates\Toolbar\basis.xml
C:\Program Files\SelectRebates\Toolbar\Blank.bmp
C:\Program Files\SelectRebates\Toolbar\button-CloseWindow.gif
C:\Program Files\SelectRebates\Toolbar\i_clipboard.bmp
C:\Program Files\SelectRebates\Toolbar\i_help.bmp
C:\Program Files\SelectRebates\Toolbar\i_magnifying.bmp
C:\Program Files\SelectRebates\Toolbar\icons.bmp
C:\Program Files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
C:\Program Files\SelectRebates\Toolbar\Invite.bmp
C:\Program Files\SelectRebates\Toolbar\logo.bmp
C:\Program Files\SelectRebates\Toolbar\logo_24.bmp
C:\Program Files\SelectRebates\Toolbar\MyNew.bmp
C:\Program Files\SelectRebates\Toolbar\MyNone.bmp
C:\Program Files\SelectRebates\Toolbar\MyPage.bmp
C:\Program Files\SelectRebates\Toolbar\Rate.bmp
C:\Program Files\SelectRebates\Toolbar\RightControls.dym
C:\Program Files\SelectRebates\Toolbar\sah_logo_bars.gif
C:\Program Files\SelectRebates\Toolbar\Scissors.bmp
C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
C:\WINDOWS\312-zKVVez.jpg
C:\WINDOWS\316-u7s--yn.jpg
C:\WINDOWS\318-AzTK.jpg
C:\WINDOWS\320-en8nT.jpg
C:\WINDOWS\321-TXA8.jpg
C:\WINDOWS\322-BB64c.jpg
C:\WINDOWS\323-zcVs.jpg
C:\WINDOWS\324-sJJs7r.jpg
C:\WINDOWS\325-edH88.jpg
C:\WINDOWS\326-6HBr2y.jpg
C:\WINDOWS\327-5A77u.jpg
C:\WINDOWS\328-Lz7--sd.jpg
C:\WINDOWS\329-2srr.jpg
C:\WINDOWS\330-VKc6.jpg
C:\WINDOWS\331-5Bw8J.jpg
C:\WINDOWS\332-44srB6.jpg
C:\WINDOWS\333-nn7K2r.jpg
C:\WINDOWS\334-4py3Xy.jpg
C:\WINDOWS\335-45w8ds.jpg
C:\WINDOWS\336-we52.jpg
C:\WINDOWS\337-eTurnF.jpg
C:\WINDOWS\338-dBHH.jpg
C:\WINDOWS\339-uTc4.jpg
C:\WINDOWS\340-drs3K.jpg
C:\WINDOWS\341-pB4MB.jpg
C:\WINDOWS\342-wM4K.jpg
C:\WINDOWS\343-dp5--7Tw.jpg
C:\WINDOWS\344-84Hy7.jpg
C:\WINDOWS\345-5z73wL.jpg
C:\WINDOWS\346-FL36ny.jpg
C:\WINDOWS\347-nT2r6.jpg
C:\WINDOWS\348-5Xedd.jpg
C:\WINDOWS\349-Gw67B-G.jpg
C:\WINDOWS\350-dBw-d.jpg
C:\WINDOWS\351-BV2yw.jpg
C:\WINDOWS\352-ep4V7.jpg
C:\WINDOWS\353-Gec4.jpg
C:\WINDOWS\354-wd37.jpg
C:\WINDOWS\355-d7M.jpg
C:\WINDOWS\356-zrA.jpg
C:\WINDOWS\357-32Bc.jpg
C:\WINDOWS\358-uJ4rre7.jpg
C:\WINDOWS\359-3uA6w.jpg
C:\WINDOWS\360-uuFr.jpg
C:\WINDOWS\361-Hu4B4.jpg
C:\WINDOWS\362-pM3r6n.jpg
C:\WINDOWS\363-GepMr.jpg
C:\WINDOWS\364-F75Gu.jpg
C:\WINDOWS\365-V3GJes.jpg
C:\WINDOWS\366-cw----uA.jpg
C:\WINDOWS\367-cpB7p7.jpg
C:\WINDOWS\380-dLyBrp6.jpg
C:\WINDOWS\381-7drd.jpg
C:\WINDOWS\382-3pT7.jpg
C:\WINDOWS\383-s-75zw.jpg
C:\WINDOWS\384-4737.jpg
C:\WINDOWS\385-cBcM.jpg
C:\WINDOWS\386-VrT8BL.jpg
C:\WINDOWS\387-7MuwHs.jpg
C:\WINDOWS\388-88rrsz.jpg
C:\WINDOWS\389-4MV3d5.jpg
C:\WINDOWS\390-64F2.jpg
C:\WINDOWS\391-p4cz4.jpg
C:\WINDOWS\392-cVrwKG.jpg
C:\WINDOWS\393-TwAw8G.jpg
C:\WINDOWS\394-d6sd-p.jpg
C:\WINDOWS\395-BBc-yX.jpg
C:\WINDOWS\396-n4dyK.jpg
C:\WINDOWS\397-XJsA2.jpg
C:\WINDOWS\398-HT3r7d.jpg
C:\WINDOWS\399-GH7LpK.jpg
C:\WINDOWS\400-3yw7.jpg
C:\WINDOWS\401-T7r7AF.jpg
C:\WINDOWS\402-F7dz.jpg
C:\WINDOWS\403-nrepnu6.jpg
C:\WINDOWS\404-Xc7.jpg
C:\WINDOWS\405-3rzcG.jpg
C:\WINDOWS\406-y-7cV.jpg
C:\WINDOWS\407-3eGwc.jpg
C:\WINDOWS\408-JJLuJ7.jpg
C:\WINDOWS\409-Xn-c4cX.jpg
C:\WINDOWS\410-8e6u4.jpg
C:\WINDOWS\411-X64H.jpg
C:\WINDOWS\412-yLnzc.jpg
C:\WINDOWS\413-K3F7-GwA.jpg
C:\WINDOWS\414-sdzMy2.jpg
C:\WINDOWS\415-68MHw.jpg
C:\WINDOWS\416-dXdw4n.jpg
C:\WINDOWS\417-6FwF88.jpg
C:\WINDOWS\418-2pz7.jpg
C:\WINDOWS\419-B-pV68A.jpg
C:\WINDOWS\420-u4VT3p.jpg
C:\WINDOWS\421-4pLsL.jpg
C:\WINDOWS\422-rTyK8.jpg
C:\WINDOWS\423-wKH8.jpg
C:\WINDOWS\424-nre4rc.jpg
C:\WINDOWS\425-2pVc6.jpg
C:\WINDOWS\426-BuL.jpg
C:\WINDOWS\427-Jpwzsz.jpg
C:\WINDOWS\428-3-645TX.jpg
C:\WINDOWS\CdaC14BA.exe
C:\WINDOWS\mmall.exe
C:\WINDOWS\SmFycm9k
C:\WINDOWS\SmFycm9k\asappsrv.dll
C:\WINDOWS\SmFycm9k\command.exe
C:\WINDOWS\SmFycm9k\mAIVwA64.vbs
C:\WINDOWS\system32\mzf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_TDLSERV


((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-04 09:19 . 2007-12-04 09:19 533,504 --a------ C:\WINDOWS\mmoc.bin
2007-12-04 09:19 . 2007-12-04 09:19 533,504 --a------ C:\WINDOWS\mm_tmpoc.bin
2007-12-04 09:18 . 2007-12-04 21:51 40,960 --a------ C:\WINDOWS\mm_tmphr.exe
2007-12-03 23:41 . 2007-12-03 23:41 2,309 --a------ C:\WINDOWS\46-zV7w.jpg
2007-12-03 23:41 . 2007-12-03 23:41 1,932 --a------ C:\WINDOWS\45-s7z8.jpg
2007-12-03 23:40 . 2007-12-03 23:40 3,840 --a------ C:\WINDOWS\39-2dnGpJ.jpg
2007-12-03 23:40 . 2007-12-03 23:40 3,325 --a------ C:\WINDOWS\38-44GBsw.jpg
2007-12-03 23:40 . 2007-12-03 23:40 2,932 --a------ C:\WINDOWS\37-yTu7sG.jpg
2007-12-03 23:40 . 2007-12-03 23:40 2,873 --a------ C:\WINDOWS\43-Bdr8HV.jpg
2007-12-03 23:40 . 2007-12-03 23:40 2,765 --a------ C:\WINDOWS\40-dKcKc.jpg
2007-12-03 23:40 . 2007-12-03 23:40 2,739 --a------ C:\WINDOWS\41-85AFK.jpg
2007-12-03 23:40 . 2007-12-03 23:40 2,556 --a------ C:\WINDOWS\44-s5sAd.jpg
2007-12-03 23:40 . 2007-12-03 23:40 1,940 --a------ C:\WINDOWS\42-T7Fu.jpg
2007-12-03 23:39 . 2007-12-03 23:39 3,288 --a------ C:\WINDOWS\34-2GpA4.jpg
2007-12-03 23:39 . 2007-12-03 23:39 3,273 --a------ C:\WINDOWS\31-AcprVpw.jpg
2007-12-03 23:39 . 2007-12-03 23:39 3,146 --a------ C:\WINDOWS\32-36TBd.jpg
2007-12-03 23:39 . 2007-12-03 23:39 3,050 --a------ C:\WINDOWS\35-MJ5er.jpg
2007-12-03 23:39 . 2007-12-03 23:39 2,760 --a------ C:\WINDOWS\30-7K7sr4.jpg
2007-12-03 23:39 . 2007-12-03 23:39 2,703 --a------ C:\WINDOWS\36-42H.jpg
2007-12-03 23:39 . 2007-12-03 23:39 2,060 --a------ C:\WINDOWS\33-ArLn.jpg
2007-12-03 23:38 . 2007-12-03 23:38 3,735 --a------ C:\WINDOWS\27-BpsrBu.jpg
2007-12-03 23:38 . 2007-12-03 23:38 3,446 --a------ C:\WINDOWS\24-24FrGwc.jpg
2007-12-03 23:38 . 2007-12-03 23:38 3,409 --a------ C:\WINDOWS\22-Bn8n4ry.jpg
2007-12-03 23:38 . 2007-12-03 23:38 3,151 --a------ C:\WINDOWS\25-8TKFy.jpg
2007-12-03 23:38 . 2007-12-03 23:38 2,922 --a------ C:\WINDOWS\21-u--VJenK.jpg
2007-12-03 23:38 . 2007-12-03 23:38 2,696 --a------ C:\WINDOWS\28-6Vedr.jpg
2007-12-03 23:38 . 2007-12-03 23:38 2,518 --a------ C:\WINDOWS\26-T7-r.jpg
2007-12-03 23:38 . 2007-12-03 23:38 2,489 --a------ C:\WINDOWS\29-F7Jdp.jpg
2007-12-03 23:38 . 2007-12-03 23:38 2,401 --a------ C:\WINDOWS\23-psGG.jpg
2007-12-03 23:37 . 2007-12-03 23:37 3,450 --a------ C:\WINDOWS\16-wnsM8c.jpg
2007-12-03 23:37 . 2007-12-03 23:37 3,311 --a------ C:\WINDOWS\14-B6cr7w.jpg
2007-12-03 23:37 . 2007-12-03 23:37 3,303 --a------ C:\WINDOWS\18-MG463V.jpg
2007-12-03 23:37 . 2007-12-03 23:37 3,013 --a------ C:\WINDOWS\19-rHrsu.jpg
2007-12-03 23:37 . 2007-12-03 23:37 2,794 --a------ C:\WINDOWS\15-THVK.jpg
2007-12-03 23:37 . 2007-12-03 23:37 2,640 --a------ C:\WINDOWS\17-F8sdG.jpg
2007-12-03 23:37 . 2007-12-03 23:37 2,329 --a------ C:\WINDOWS\20--ApK.jpg
2007-12-03 23:36 . 2007-12-03 23:36 3,332 --a------ C:\WINDOWS\6-JnpB2.jpg
2007-12-03 23:36 . 2007-12-03 23:36 3,072 --a------ C:\WINDOWS\9-urJ7r4.jpg
2007-12-03 23:36 . 2007-12-03 23:36 2,900 --a------ C:\WINDOWS\12-H3nJ7w.jpg
2007-12-03 23:36 . 2007-12-03 23:36 2,883 --a------ C:\WINDOWS\8-cMH8r.jpg
2007-12-03 23:36 . 2007-12-03 23:36 2,681 --a------ C:\WINDOWS\11-82Jr27.jpg
2007-12-03 23:36 . 2007-12-03 23:36 2,417 --a------ C:\WINDOWS\10-uJHr7.jpg
2007-12-03 23:36 . 2007-12-03 23:36 2,188 --a------ C:\WINDOWS\13-M8r-.jpg
2007-12-03 23:36 . 2007-12-03 23:36 1,862 --a------ C:\WINDOWS\7-43L3.jpg
2007-12-03 23:35 . 2007-12-03 23:35 3,399 --a------ C:\WINDOWS\2-cTMGVu.jpg
2007-12-03 23:35 . 2007-12-03 23:35 3,296 --a------ C:\WINDOWS\3-HTyF36.jpg
2007-12-03 23:35 . 2007-12-03 23:35 3,214 --a------ C:\WINDOWS\5-wr8-JyJ.jpg
2007-12-03 23:35 . 2007-12-03 23:35 3,027 --a------ C:\WINDOWS\1-u64w6.jpg
2007-12-03 23:35 . 2007-12-03 23:35 2,750 --a------ C:\WINDOWS\4-6rsuBy.jpg
2007-12-03 23:33 . 2007-12-03 23:33 3,393 --a------ C:\WINDOWS\379-rMVBcL.jpg
2007-12-03 23:33 . 2007-12-03 23:33 2,214 --a------ C:\WINDOWS\382-78V-.jpg
2007-12-03 23:33 . 2007-12-03 23:33 2,152 --a------ C:\WINDOWS\380-JM6X.jpg
2007-12-03 23:33 . 2007-12-03 23:33 1,904 --a------ C:\WINDOWS\381-uBcr.jpg
2007-12-03 23:33 . 2007-12-03 23:33 1,895 --a------ C:\WINDOWS\383-yrJX.jpg
2007-12-03 23:32 . 2007-12-03 23:32 3,427 --a------ C:\WINDOWS\374-567H2.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,902 --a------ C:\WINDOWS\377-XMd7B.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,656 --a------ C:\WINDOWS\372-d7dpX.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,644 --a------ C:\WINDOWS\373-7cVysL.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,592 --a------ C:\WINDOWS\378-86dJe.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,523 --a------ C:\WINDOWS\371-JB4L.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,188 --a------ C:\WINDOWS\375-84ue.jpg
2007-12-03 23:32 . 2007-12-03 23:32 2,141 --a------ C:\WINDOWS\376-pLp.jpg
2007-12-03 23:31 . 2007-12-03 23:31 3,540 --a------ C:\WINDOWS\370-yMH-r86.jpg
2007-12-03 23:31 . 2007-12-03 23:31 2,435 --a------ C:\WINDOWS\368-6LVMy.jpg
2007-12-03 23:31 . 2007-12-03 23:31 2,085 --a------ C:\WINDOWS\366-Be83.jpg
2007-12-03 23:31 . 2007-12-03 23:31 2,047 --a------ C:\WINDOWS\367-25V.jpg
2007-12-03 23:31 . 2007-12-03 23:31 1,893 --a------ C:\WINDOWS\369-KAe7.jpg
2007-12-03 23:29 . 2007-12-03 23:29 3,758 --a------ C:\WINDOWS\351-3rH56B.jpg
2007-12-03 23:29 . 2007-12-03 23:29 3,145 --a------ C:\WINDOWS\354-r5Jsez.jpg
2007-12-03 23:29 . 2007-12-03 23:29 3,076 --a------ C:\WINDOWS\353-4A-By7.jpg
2007-12-03 23:29 . 2007-12-03 23:29 3,020 --a------ C:\WINDOWS\352-JTVzL5.jpg
2007-12-03 23:29 . 2007-12-03 23:29 2,299 --a------ C:\WINDOWS\350-8X45.jpg
2007-12-03 23:28 . 2007-12-03 23:28 3,293 --a------ C:\WINDOWS\344-AH-dTyH.jpg
2007-12-03 23:28 . 2007-12-03 23:28 3,273 --a------ C:\WINDOWS\347-BV5pFA.jpg
2007-12-03 23:28 . 2007-12-03 23:28 2,688 --a------ C:\WINDOWS\349-5VyM.jpg
2007-12-03 23:28 . 2007-12-03 23:28 2,541 --a------ C:\WINDOWS\343-2uuVF.jpg
2007-12-03 23:28 . 2007-12-03 23:28 2,455 --a------ C:\WINDOWS\342-rX-r8.jpg
2007-12-03 23:28 . 2007-12-03 23:28 2,394 --a------ C:\WINDOWS\346-nK3cG.jpg
2007-12-03 23:28 . 2007-12-03 23:28 2,292 --a------ C:\WINDOWS\348-L5rT.jpg
2007-12-03 23:28 . 2007-12-03 23:28 1,789 --a------ C:\WINDOWS\345-L4en.jpg
2007-12-03 23:27 . 2007-12-03 23:27 3,654 --a------ C:\WINDOWS\336-JH7VnB.jpg
2007-12-03 23:27 . 2007-12-03 23:27 3,289 --a------ C:\WINDOWS\334-XBpAps.jpg
2007-12-03 23:27 . 2007-12-03 23:27 3,206 --a------ C:\WINDOWS\335-ceHFy4.jpg
2007-12-03 23:27 . 2007-12-03 23:27 2,503 --a------ C:\WINDOWS\338-B8uVrc.jpg
2007-12-03 23:27 . 2007-12-03 23:27 2,360 --a------ C:\WINDOWS\333-TBn3J.jpg
2007-12-03 23:27 . 2007-12-03 23:27 2,337 --a------ C:\WINDOWS\341-dydJF.jpg
2007-12-03 23:27 . 2007-12-03 23:27 2,271 --a------ C:\WINDOWS\339-p-u-43.jpg
2007-12-03 23:27 . 2007-12-03 23:27 2,226 --a------ C:\WINDOWS\340-wnee.jpg
2007-12-03 23:27 . 2007-12-03 23:27 2,139 --a------ C:\WINDOWS\337-587M.jpg
2007-12-03 23:26 . 2007-12-03 23:26 3,249 --a------ C:\WINDOWS\330-6JrwG.jpg
2007-12-03 23:26 . 2007-12-03 23:26 3,132 --a------ C:\WINDOWS\332-328MK.jpg
2007-12-03 23:26 . 2007-12-03 23:26 2,553 --a------ C:\WINDOWS\327-5drs7.jpg
2007-12-03 23:26 . 2007-12-03 23:26 2,516 --a------ C:\WINDOWS\328-w-s43.jpg
2007-12-03 23:26 . 2007-12-03 23:26 2,439 --a------ C:\WINDOWS\329-cVL-r.jpg
2007-12-03 23:26 . 2007-12-03 23:26 2,344 --a------ C:\WINDOWS\326-J-4-L4n.jpg
2007-12-03 23:26 . 2007-12-03 23:26 1,954 --a------ C:\WINDOWS\331-H-Ju.jpg
2007-12-03 23:24 . 2007-12-03 23:24 2,944 --a------ C:\WINDOWS\321-4d68K.jpg
2007-12-03 23:24 . 2007-12-03 23:24 2,928 --a------ C:\WINDOWS\320-XJ8rH2.jpg
2007-12-03 23:24 . 2007-12-03 23:24 2,734 --a------ C:\WINDOWS\324-eA46d.jpg
2007-12-03 23:24 . 2007-12-03 23:24 2,275 --a------ C:\WINDOWS\316-82TK.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 10:42 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-02 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-01 09:17 --------- d-----w C:\Program Files\RegSweep
2007-12-01 09:12 --------- d-----w C:\Program Files\Java
2007-12-01 09:06 --------- d-----w C:\Program Files\MySpace
2007-12-01 09:01 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-27 21:04 --------- d-----w C:\Program Files\LimeWire
2007-11-16 08:29 3,638 ----a-w C:\info.exe
2007-09-06 09:14 2,416 ----a-w C:\Documents and Settings\Administrator\GetPaths.vbs
2007-03-31 08:16 1,708 ----a-w C:\Documents and Settings\Jarrod\Application Data\wklnhst.dat
2006-07-12 19:40 162 ----a-w C:\Documents and Settings\Jerry\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-02_ 2.44.57.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-01 10:20:48 36,352 ----a-w C:\WINDOWS\mm_tmpgr.exe
+ 2007-12-04 20:59:33 36,352 ----a-w C:\WINDOWS\mm_tmpgr.exe
- 2007-12-01 10:21:19 41,472 ----a-w C:\WINDOWS\mm_tmpregalka.exe
+ 2007-12-04 07:32:56 41,472 ----a-w C:\WINDOWS\mm_tmpregalka.exe
- 2007-12-01 10:21:18 36,352 ----a-w C:\WINDOWS\mmgr.exe
+ 2007-12-04 21:00:04 36,352 ----a-w C:\WINDOWS\mmgr.exe
+ 2007-12-05 04:51:09 40,960 ----a-w C:\WINDOWS\mmhr.exe
- 2007-12-01 10:21:51 41,472 ----a-w C:\WINDOWS\mmregalka.exe
+ 2007-12-04 07:33:26 41,472 ----a-w C:\WINDOWS\mmregalka.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 00:40]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 11:14 C:\WINDOWS\RTHDCPL.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 15:28]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 15:26]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 13:07]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 10:24]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-19 07:57]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 06:29 C:\WINDOWS\agrsmmsg.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 05:10]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 10:52]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-11-04 20:10]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 20:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\Jarrod\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 13:55:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 19:20:51]

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys

*Newly Created Service* - TDLSERV
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 08:31:23 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.Jarrod.Runs RegistrySmart to optimize your registry.
"2007-12-01 08:31:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 22:18:42
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-04 22:21:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 02:46
.
--- E O F ---



hijackthis:



Logfile of HijackThis v1.99.1
Scan saved at 8:31:02 AM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jdmuniver...rums/usercp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

#10 Scotty

Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 05 December 2007 - 03:40 PM

Hello

How many are there? :huh:

I'm interested to see if they are bad and how bad.


To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
    Now your computer is configured to show all hidden files.

Go to http://www.virustota.../en/indexf.html
Copy the following line into the white textbox:
C:\WINDOWS\345-L4en.jpg
Click Send.
Please post the results of this scan to this thread.

Do the same for any of the other .jpg files. And these
C:\WINDOWS\mmoc.bin
C:\WINDOWS\mm_tmphr.exe

You too could train to help others- Join the Classroom
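The two checks above (see which files are hidden and send the random-named .jpg files in C:\WINDOWS to VirusTotal) can be prepared from the ComboFix log itself. The following is an added example written for this thread, not part of ComboFix, HijackThis or any post here: it parses "Files Created" lines in ComboFix's format, flags small `<number>-<random>.jpg` files dropped straight into C:\WINDOWS, groups them by creation minute so the batch drop pattern is visible, and shows the two checks a helper runs before uploading a sample: whether the bytes actually start with a JPEG header, and the SHA-256 hash that VirusTotal can be queried with. The function names, the 5,000-byte size threshold (chosen from the sizes in the log above) and the `readme.txt` sample line are assumptions made for the example.

```python
# Added example for the thread above; not code from ComboFix, HijackThis or the forum.
import hashlib
import re
from dataclasses import dataclass

# One ComboFix "Files Created" line has the shape:
#   <created> . <modified> <size> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) ([\d,]+) (\S+) (.+)$"
)

# Pattern seen in the log: <number>-<short random string>.jpg directly under C:\WINDOWS
DROPPED_JPG_RE = re.compile(r"^C:\\WINDOWS\\\d+-[A-Za-z0-9-]+\.jpg$", re.IGNORECASE)

# Sample lines constructed for this example in the same format as the log in the thread
# (the first four mirror entries from the log; the readme.txt line is made up as a benign control).
SAMPLE_LOG = """\
2007-12-04 09:18 . 2007-12-04 21:51 40,960 --a------ C:\\WINDOWS\\mm_tmphr.exe
2007-12-03 23:41 . 2007-12-03 23:41 2,309 --a------ C:\\WINDOWS\\46-zV7w.jpg
2007-12-03 23:41 . 2007-12-03 23:41 1,932 --a------ C:\\WINDOWS\\45-s7z8.jpg
2007-12-03 23:40 . 2007-12-03 23:40 3,840 --a------ C:\\WINDOWS\\39-2dnGpJ.jpg
2007-12-01 09:12 . 2007-12-01 09:12 1,024 --a------ C:\\Program Files\\Java\\readme.txt
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int      # bytes, with the thousands separators removed
    attrs: str     # ComboFix attribute string, e.g. --a------
    path: str


def parse_files_created(text: str) -> list:
    """Parse ComboFix 'Files Created' lines; headers, '.' separators and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified, int(size.replace(",", "")), attrs, path))
    return entries


def flag_dropped_images(entries, max_size: int = 5000) -> list:
    """Paths that match the small, random-named .jpg-in-%WINDIR% pattern (threshold is an assumption)."""
    return [e.path for e in entries if DROPPED_JPG_RE.match(e.path) and e.size <= max_size]


def batches_by_minute(entries) -> dict:
    """Group paths by creation minute: a dropper writing many files in one minute shows up as a burst."""
    out = {}
    for e in entries:
        out.setdefault(e.created, []).append(e.path)
    return out


def looks_like_jpeg(data: bytes) -> bool:
    """A real JPEG begins with the SOI marker FF D8 FF; a .jpg that does not is worth uploading."""
    return data[:3] == b"\xff\xd8\xff"


def sha256_hex(data: bytes) -> str:
    """Hash to look up on VirusTotal before (or instead of) uploading the file itself."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    entries = parse_files_created(SAMPLE_LOG)
    print("flagged:", flag_dropped_images(entries))
    for minute, paths in sorted(batches_by_minute(entries).items()):
        print(minute, len(paths), "file(s)")
    # Constructed byte samples: a JFIF header versus a DOS/PE header renamed to .jpg
    for label, blob in (("jfif", b"\xff\xd8\xff\xe0\x00\x10JFIF"), ("mz", b"MZ\x90\x00")):
        print(label, "jpeg=%s" % looks_like_jpeg(blob), "sha256=%s" % sha256_hex(blob))
```

Run it against the real log by reading C:\ComboFix.txt instead of `SAMPLE_LOG`; for the hash and header checks, read each flagged file in binary mode. The byte check matters because the sizes in the log (under 4 KB) and the random names are consistent with something other than pictures, and a hash lookup avoids uploading a file that VirusTotal has already seen.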


#11 Scotty

Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 11 December 2007 - 10:46 AM

Hi, still needing help here?
You too could train to help others- Join the Classroom


#12 Scotty

Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 18 December 2007 - 09:38 AM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.
You too could train to help others- Join the Classroom
