Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Home PC almost at a standstill

Started by Omideyi , Apr 23 2008 12:26 PM

  • This topic is locked This topic is locked
13 replies to this topic

#1 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 23 April 2008 - 12:26 PM

Hiya,

the PC I use at home is literally crawling, and I'm not really sure what is causing it. I've scanned with Avast, Hitman Pro, Registry Mechanic, and almost anything else I can think of, but nothing really seems to work. I've also deleted a lot of stuff from the HD, which now leaves me with around 13GB (out of 75GB). if someone could please have a look at the log, and tell me, if possible, what to remove, I'd be extremely grateful

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:17, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Brownie\brstswnd.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {1FB685DB-84E4-D5FB-743F-4B525AD8A549} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\system32\PuXpTwks.exe /TWEAK
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] muamgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OEM32 Tools] sres32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] muamgrd.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MrsO-Barrister\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...acom/wtinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: afqdfeig - afqdfeig.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12205 bytes

    Advertisements

Register to Remove

#2 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 24 April 2008 - 02:41 AM

bump

#3 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 24 April 2008 - 02:56 AM

Hi! Welcome to the forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply.


If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

There is a tutorial on the basic use of Combofix here:
http://www.bleepingc...to-use-combofix


Please download Combofix from Bleeping Computer.

If you can't download it from there, please try these 2 alternative sites:

Forospyware
Geeks to Go

  • Save it to your Desktop.
  • Disconnect from the Internet.
  • Click on this LINK to disable
  • Click Start>Run copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



In your next reply post:
Uninstall List
Report.txt
ComboFix.txt
New HijackThis log taken after the above scan has run
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#4 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 24 April 2008 - 08:34 AM

first of all, many thanks for your help. I've followed your instructions, and these are the logs as follows

Uninstall List

µTorrent
3D Canvas
3D Canvas
Ad-Aware SE Personal
Adobe Acrobat Reader 3.01
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
Anti-Spyware
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Avance AC'97 Audio
avast! Antivirus
Awave Studio v10.1
BBC iPlayer Download Manager
Belkin SOHO Networking Utilities
BLACKSTONE'S CRIMINAL PRACTICE 2000
BlueSoleil
Bluesoleil3.2.2.8 Release 070421
Brother HL-2030
BUM
Canon CanoScan Toolbox 4.1
CanoScan LiDE20,30 Manual
Civil Procedure Forms
Collab
Combined Community Codec Pack 2008-01-24
DEMO Play It - Notes - v1.0.1
Diskeeper 2007 Pro Premier
DocuCom PDF Driver
Employment Tribunal Service Claim Forms
Employment Tribunal Service Claim Forms (C:\Program Files\ETS Claim\)
Eyewitness Encyclopedia of Science 2.0
FalconSweep
FlashGet 1.9.6.1073
Game Maker 7.0
getPlus®_ocx
GIF to AVI SWF Converter
HijackThis 2.0.2
Hitman Pro
HotDocs 2005 PDF Advantage Standard Edition
HotDocs 2005 Player Edition SP2
Hotfix for Windows Internet Explorer 7 (KB947864)
InCD (Ahead Software)
InterVideo WinDVD Platinum
iTunes
J2SE Runtime Environment 5.0 Update 1
Jordans Family Court Practice
LimeWire 4.8.1
Logitech Gaming Software 5.02
Macrogaming SweetIM 2.1
Magic Video Batch Converter 3.5
MaterialWorlds
MD Simple Burner 2.0.03
MediaMonkey 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
MOBILedit! 2.2
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nokia Connectivity Cable Driver
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries System Utilities
Nokia PC Suite
Nokia PC Suite
Nokia Software Launcher
Nokia Software Updater
OpenMG Limited Patch 3.4-04-17-06-01
PC Connectivity Solution
PhoneTools
Project64 1.6
PS3 Video 9 2.25
PS3 Video Converter 3
QuickTime
RealPlayer
Registry Mechanic 7.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shockwave
Sony USB Driver
SopCast 3.0.0
Spy Sweeper
Spybot - Search & Destroy 1.4
Spyware Doctor 5.0
SpywareBlaster v3.5.1
TotalCAD 2D/3D v1.0
TVAnts 1.0
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
TVUPlayer 2.3.3.2
Typing Tutor 7
Update for Office 2007 (KB932080)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Word 2007 (KB934173)
VideoLAN VLC media player 0.8.6c
WIDCOMM Bluetooth Software
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
ZoneAlarm Pro


Report.txt

SDFix: Version 1.174
Run by MrsO-Barrister on 24/04/2008 at 10:15

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\Documents and Settings\MrsO-Barrister\Favorites\Online Security Guide.lnk - Deleted
C:\WINDOWS\system32\TFTP336 - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 10:43:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00081bc0471c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:44,f9,62,00,ab,8f,d6,28,0d,cb,dc,88,ce,7a,5b,c0,4c,ee,d7,70,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,53,d2,4d,cf,f8,d7,64,98,0f,9d,6a,a7,65,64,88,33,d5,..
"khjeh"=hex:f9,84,47,54,11,76,d8,ed,15,e9,34,08,8e,5c,31,1b,e8,0a,c2,a4,e0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:07,61,6f,69,d7,e3,cf,e1,fc,91,06,80,fe,bf,78,a6,cd,61,39,fb,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00081bc0471c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:44,f9,62,00,ab,8f,d6,28,0d,cb,dc,88,ce,7a,5b,c0,4c,ee,d7,70,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,53,d2,4d,cf,f8,d7,64,98,0f,9d,6a,a7,65,64,88,33,d5,..
"khjeh"=hex:f9,84,47,54,11,76,d8,ed,15,e9,34,08,8e,5c,31,1b,e8,0a,c2,a4,e0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:07,61,6f,69,d7,e3,cf,e1,fc,91,06,80,fe,bf,78,a6,cd,61,39,fb,c8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:44,f9,62,00,ab,8f,d6,28,0d,cb,dc,88,ce,7a,5b,c0,4c,ee,d7,70,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,53,d2,4d,cf,f8,d7,64,98,0f,9d,6a,a7,65,64,88,33,d5,..
"khjeh"=hex:f9,84,47,54,11,76,d8,ed,15,e9,34,08,8e,5c,31,1b,e8,0a,c2,a4,e0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ce,61,50,3a,f0,b5,0d,cc,85,ca,79,42,c8,74,b5,be,23,9e,44,48,66,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[8].: P 9451 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[1].: 31505 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[1].: P 24490 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[2].: 15396 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[2].: P 14648 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[3].: P 15522 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[5].: P 22379 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[7].: P 25767 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[9].: P 26250 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\web[1].: P 30170 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\web[2].: P 30170 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\web[3].: P 36139 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[6].: P 25766 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\search[4].: P 2428 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\liisa[1].: P 585 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\Swastika[1].: P 26453 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\I9SBMXU5\main[1].: P 4988 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SB1ZIYRP\rolldeep[1].: P 7538 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SB1ZIYRP\rolldeep[2].: P 7538 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SB1ZIYRP\artist[1].: P 22539 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\google[1].: P 3735 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\search[5].: P 25094 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\send[1].: P 5407 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\google.co[1].: P 3099 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\search[1].: P 21203 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\search[3].: P 5534 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\search[2].: P 24998 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\1F7FTHGE\search[4].: P 18424 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\4TIJKLYN\liisa[1].: P 653 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\K34OEXPA\search[1].: P 17297 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\K59DJLOM\search[1].: P 14574 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\K59DJLOM\alltheweb[1].: P 6930 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OD2FSL2N\search[1].: P 22233 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\Jorgito_Vargas[1].: P 21547 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\showid-1905[1].: P 66454 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\showid-1905[2].: P 66459 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\showid-1905[3].: P 66459 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\showid-1905[4].: P 209167 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\showid-1905[5].: P 209252 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\showid-1905[6].: P 209212 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\Tom_Hern[1].: P 15535 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OHWXI349\images[1].: P 21460 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\OXMR0HY3\images[1].: 8592 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\RR1735SS\games.yahoo[1].: P 56482 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\RR1735SS\search[1].: P 20129 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\RR1735SS\2dplay[1].: P 109728 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SHAF09EV\uk.my.msn[1].: P 58772 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SHAF09EV\search[1].: P 20642 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SHAF09EV\games.yahoo[1].: P 56053 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\SHAF09EV\games.yahoo[2].: P 56293 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\VXQAL2ZZ\world.altavista[1].: P 16120 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\VXQAL2ZZ\search[4].: P 22609 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\VXQAL2ZZ\search[1].: P 19124 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\VXQAL2ZZ\search[3].: P 22695 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\VXQAL2ZZ\search[2].: P 18194 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WIZV1HZ5\ShowFolder[1].: 60596 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WVD3AE3T\liisa[1].: P 585 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WVD3AE3T\liisa[2].: P 585 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WVD3AE3T\liisa[3].: P 585 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WVD3AE3T\liisa[4].: P 585 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WVD3AE3T\search[1].: 15595 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\WXQVOXIJ\login2[1].: P 36929 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\C5U7CLYJ\search[1].: P 21267 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\C5U7CLYJ\search[2].: P 24641 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\C5U7CLYJ\search[3].: P 19064 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\C5U7CLYJ\imgres[1].: P 779 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\login2[1].: P 37467 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\images[1].: P 22560 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\liisa[1].: P 624 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\liisa[2].: P 624 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\liisa[3].: P 624 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\liisa[4].: P 624 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\search[1].: P 15529 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\search[2].: P 31946 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CDQ3456V\glennmcmillanonline[1].:P 20962 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CTGB8RGV\search[2].: P 29461 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CTGB8RGV\search[4].: P 28457 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CTGB8RGV\search[5].: P 18386 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CTGB8RGV\search[6].: P 15736 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CTGB8RGV\search[1].: P 18328 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\CTGB8RGV\search[3].: P 31965 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\DYZJVDFZ\ShowFolder[1].: 68935 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\GP6ZSPMF\search[3].: P 25191 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\GP6ZSPMF\images[1].: P 22167 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\GP6ZSPMF\search[2].: P 24045 bytes hidden from API
C:\Documents and Settings\MrsO-Barrister\Local Settings\Temporary Internet Files\Content.IE5\GP6ZSPMF\search[1].: P 25313 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 176


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\MrsO-Barrister\\Desktop\\Oreofe Omideyi\\slo\\Applications\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\MrsO-Barrister\\Desktop\\Oreofe Omideyi\\slo\\Applications\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\Documents and Settings\\All Users\\Documents\\Oreofe Omideyi\\slo\\Applications\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\All Users\\Documents\\Oreofe Omideyi\\slo\\Applications\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\WINDOWS\\system32\\sres32.exe"="C:\\WINDOWS\\system32\\sres32.exe:*:Disabled:sres32"
"C:\\Program Files\\IMSI\\TCWD70\\Program\\Tcd70.exe"="C:\\Program Files\\IMSI\\TCWD70\\Program\\Tcd70.exe:*:Disabled:TurboCAD™ for Windows Application"
"C:\\Documents and Settings\\MrsO-Barrister\\Desktop\\Oreofe Omideyi\\slo\\WinMX\\WinMX.exe"="C:\\Documents and Settings\\MrsO-Barrister\\Desktop\\Oreofe Omideyi\\slo\\WinMX\\WinMX.exe:*:Disabled:WinMX Application"
"C:\\winread.exe"="C:\\winread.exe:*:Disabled:winread"
"C:\\Documents and Settings\\All Users\\Documents\\Oreofe Omideyi\\slo\\Applications\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\All Users\\Documents\\Oreofe Omideyi\\slo\\Applications\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\All Users\\Documents\\My Videos\\Nang\\slo\\Applications\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Videos\\Nang\\slo\\Applications\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Documents and Settings\\All Users\\Documents\\My Videos\\Nang\\slo\\Stuff\\pes4.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Videos\\Nang\\slo\\Stuff\\pes4.exe:*:Disabled:pes4"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Documents\\My Videos\\Nang\\Ares\\Ares.exe"="C:\\Documents and Settings\\All Users\\Documents\\My Videos\\Nang\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Documents and Settings\\All Users\\Documents\\Sports Interactive\\PES5.exe"="C:\\Documents and Settings\\All Users\\Documents\\Sports Interactive\\PES5.exe:*:Enabled:pes5.exe"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Documents and Settings\\All Users\\Documents\\PESFan Editor 6\\utorrent.exe"="C:\\Documents and Settings\\All Users\\Documents\\PESFan Editor 6\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 23 Aug 2007 19,466 ..SH. --- "C:\WINDOWS\system32\afqdfeig.dllbox"
Thu 26 Feb 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 13 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


ComboFix.txt

ComboFix 08-04-22.5 - MrsO-Barrister 2008-04-24 11:28:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT 1:00]
Running from: C:\Documents and Settings\MrsO-Barrister\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\WINDOWS\Downloaded Program Files\egdhtml.inf
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\afqdfeig.dllbox
C:\WINDOWS\system32\byxvwww.dll
C:\WINDOWS\system32\fccyxuu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 10:10 . 2008-04-24 10:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-24 10:02 . 2008-04-24 10:02 <DIR> d-------- C:\SDFix
2008-04-20 14:50 . 2008-04-20 14:50 <DIR> d-------- C:\logs3
2008-04-18 03:45 . 2008-04-20 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 03:45 . 2008-04-18 03:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Logitech
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-04-16 13:41 . 2008-04-16 13:41 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-15 12:29 . 2004-08-30 14:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-15 12:29 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-04-15 12:29 . 2007-04-12 15:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2008-04-15 10:56 . 2008-04-23 19:13 <DIR> d-------- C:\Program Files\EA SPORTS
2008-04-12 09:11 . 2008-04-12 02:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-12 09:11 . 2008-04-12 09:11 2,547 --a------ C:\WINDOWS\unins000.dat
2008-04-12 01:58 . 2008-04-12 01:58 262,144 --a------ C:\ntuser.dat.rmbak
2008-04-12 01:58 . 2008-04-12 02:04 8,192 --a------ C:\ntuser.dat
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-09 10:26 . 2008-04-09 12:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 10:43 196 ----a-w C:\WINDOWS\system32\drivers\ALCICH.DAT
2008-04-23 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 18:12 --------- d-----w C:\Program Files\Ashampoo
2008-04-23 16:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 16:50 --------- d-----w C:\Program Files\Motvik
2008-04-21 21:04 --------- d-----w C:\Program Files\FlashGet
2008-04-19 01:07 87,552 ----a-w C:\WINDOWS\Internet Logs\xDB292.tmp
2008-04-19 01:07 2,633,728 ----a-w C:\WINDOWS\Internet Logs\xDB293.tmp
2008-04-18 16:23 3,007,488 ----a-w C:\WINDOWS\Internet Logs\xDB27D.tmp
2008-04-18 16:23 2,628,096 ----a-w C:\WINDOWS\Internet Logs\xDB27E.tmp
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-15 09:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-14 09:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 07:46 --------- d-----w C:\Program Files\Hitman Pro
2008-04-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 08:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 08:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-12 01:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 14:53 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-04-09 20:37 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-04-09 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 01:02 179,200 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-29 18:20 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-29 13:51 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-24 23:10 2,596,940 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-23 13:18 274,505 ----a-w C:\WINDOWS\GIF to AVI SWF Converter Uninstaller.exe
2008-03-23 13:18 --------- d-----w C:\Program Files\GIF to AVI SWF Converter
2008-03-23 01:57 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-23 01:57 2,324,992 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-19 00:25 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-17 01:31 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-15 17:08 --------- d-----w C:\Program Files\SopCast
2008-03-14 13:04 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-14 02:49 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-13 01:09 43,008 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-12 23:23 397,312 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-09 19:31 --------- d-----w C:\Program Files\UltraVNC
2008-03-09 10:59 46,592 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-08 12:04 95,232 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-05 16:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 02:50 73,216 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 22:18 --------- d-----w C:\Program Files\Awave Studio
2008-03-02 12:44 61,440 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:49 306,688 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 13:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-25 09:54 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-24 09:46 62,976 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-21 16:36 284,672 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-21 14:36 530 ---ha-w C:\os062307.bin
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 00:06 2,004,992 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-10 23:41 873,984 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-08 02:13 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-08 02:13 1,901,568 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-06 20:12 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-08-23 09:16 79,840 -c--a-w C:\Documents and Settings\MrsO-Barrister\Application Data\GDIPFONTCACHEV1.DAT
2005-09-13 23:32 41 -c--a-w C:\Documents and Settings\MrsO-Barrister\getfile.dat
2004-09-21 22:34 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\shdocli.dat
2004-09-21 15:28 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiasnext.dat
2004-09-20 20:28 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\iuctta.dat
2004-09-20 15:39 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrwit.dat
2004-09-19 16:00 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\newdlvba.dat
2004-08-11 22:57 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\ddemq.dat
2004-08-11 18:45 65 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiavidoo.dat
2004-08-11 08:40 66 -c--a-w C:\Documents and Settings\MrsO-Barrister\rasmawxe.dat
2004-08-10 20:36 67 -c--a-w C:\Documents and Settings\MrsO-Barrister\sceclp.dat
2004-08-09 22:33 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\mdt2fw9d.dat
2004-08-09 20:16 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\imagr5lr.dat
2004-08-09 09:12 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\diacofrm.dat
2004-08-08 19:01 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrida.dat
2004-06-22 23:07 12,297,384 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
2004-03-13 23:01 429,216 ----a-w C:\Program Files\Adobe Reader.exe
2003-11-24 19:07 19,894,499 -c--a-w C:\Documents and Settings\MrsO-Barrister\winDVDPlatinum.exe
2003-11-01 23:39 0 -c--a-w C:\Program Files\error.log
2003-11-01 23:36 47,777 -c--a-w C:\Program Files\INSTALL.LOG
2003-09-15 14:53 7,716,864 ----a-w C:\Program Files\Sibelius.exe
2003-09-15 14:49 86,016 ----a-w C:\Program Files\GDIPlusWrapper.dll
2003-09-03 20:37 1,694,551 ----a-w C:\Program Files\Ad-aware for PC Cleanups.exe
2002-07-26 17:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-01-24 10:22 686 -c--a-w C:\Program Files\Sibelius.exe.manifest
.

------- Sigcheck -------

2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oaklen]
@={6626BDCD-F620-BA9E-31E1-6D4C214ACBDD}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42 75392]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"RegistryMechanic"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-22 15:56 180269]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afqdfeig]
afqdfeig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.cvid"= :iccvid.dll
"VIDC.I420"= :i420vfw.dll
"vidc.iv31"= :ir32_32.dll
"vidc.iv32"= :ir32_32.dll
"vidc.iv41"= :ir41_32.ax
"VIDC.IYUV"= :iyuv_32.dll
"vidc.mrle"= :msrle32.dll
"vidc.msvc"= :msvidc32.dll
"VIDC.UYVY"= :msyuv.dll
"VIDC.YUY2"= :msyuv.dll
"VIDC.YVU9"= :tsbyuv.dll
"VIDC.YVYU"= :msyuv.dll
"vidc.M263"= :msh263.drv
"vidc.M261"= :msh261.drv
"VIDC.MPG4"= :mpg4c32.dll
"VIDC.MP42"= :mpg4c32.dll
"VIDC.WMV3"= :wmv9vcm.dll
"vidc.pivc"= :pivideo.dll
"msacm.vorbis"= :vorbis.acm
"vidc.yv12"= :yv12vfw.dll
"msacm.siren"= :sirenacm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 06:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM32 Tools]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SureCleanProfessional]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-12-24 15:03 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-22 15:56 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=3 (0x3)
"vsmon"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"usnjsvc"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"FWS"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\PESFan Editor 6\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 17:07]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-26 06:33]
S4 muamgrd;Windows Update Service;C:\WINDOWS\System32\muamgrd.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 02:15:02 C:\WINDOWS\Tasks\FalconSweepDailyScan.job"
- C:\Program Files\FalconSweep\falcon.exe
"2007-08-14 11:42:05 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - user.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-24 08:00:02 C:\WINDOWS\Tasks\{1E28247D-93D9-408E-A528-D633E68F0923}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-23 15:00:00 C:\WINDOWS\Tasks\{2092D156-E375-4157-A104-77B3C778417B}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-18 15:00:00 C:\WINDOWS\Tasks\{E2E8CBD4-2875-4815-85F0-C969B4535C0E}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 11:47:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 90

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-04-24 12:02:53 - machine was rebooted [MrsO-Barrister]
ComboFix-quarantined-files.txt 2008-04-24 11:02:42

Pre-Run: 13,495,250,944 bytes free
Post-Run: 16,378,249,216 bytes free

291 --- E O F --- 2008-04-11 18:26:16


New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:22, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...acom/wtinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: afqdfeig - afqdfeig.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10245 bytes


i the Report.txt, I've had to put a space between the ".." and "P", because the forum code was converting them into smilies

many thanks again

#5 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 24 April 2008 - 08:55 AM

Hi

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System


Posted Image


Download the file & save it as it's originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.

    Posted Image

  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#6 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 24 April 2008 - 09:19 AM

ComboFix.txt

ComboFix 08-04-22.5 - MrsO-Barrister 2008-04-24 16:05:42.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.223 [GMT 1:00]
Running from: C:\Documents and Settings\MrsO-Barrister\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MrsO-Barrister\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 10:10 . 2008-04-24 10:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-24 10:02 . 2008-04-24 10:02 <DIR> d-------- C:\SDFix
2008-04-20 14:50 . 2008-04-20 14:50 <DIR> d-------- C:\logs3
2008-04-18 03:45 . 2008-04-20 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 03:45 . 2008-04-18 03:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Logitech
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-04-16 13:41 . 2008-04-16 13:41 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-15 12:29 . 2004-08-30 14:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-15 12:29 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-04-15 12:29 . 2007-04-12 15:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2008-04-15 10:56 . 2008-04-23 19:13 <DIR> d-------- C:\Program Files\EA SPORTS
2008-04-12 09:11 . 2008-04-12 02:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-12 09:11 . 2008-04-12 09:11 2,547 --a------ C:\WINDOWS\unins000.dat
2008-04-12 01:58 . 2008-04-12 01:58 262,144 --a------ C:\ntuser.dat.rmbak
2008-04-12 01:58 . 2008-04-12 02:04 8,192 --a------ C:\ntuser.dat
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-09 10:26 . 2008-04-09 12:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 10:43 196 ----a-w C:\WINDOWS\system32\drivers\ALCICH.DAT
2008-04-23 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 18:12 --------- d-----w C:\Program Files\Ashampoo
2008-04-23 16:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 16:50 --------- d-----w C:\Program Files\Motvik
2008-04-21 21:04 --------- d-----w C:\Program Files\FlashGet
2008-04-19 01:07 87,552 ----a-w C:\WINDOWS\Internet Logs\xDB292.tmp
2008-04-19 01:07 2,633,728 ----a-w C:\WINDOWS\Internet Logs\xDB293.tmp
2008-04-18 16:23 3,007,488 ----a-w C:\WINDOWS\Internet Logs\xDB27D.tmp
2008-04-18 16:23 2,628,096 ----a-w C:\WINDOWS\Internet Logs\xDB27E.tmp
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-15 09:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-14 09:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 07:46 --------- d-----w C:\Program Files\Hitman Pro
2008-04-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 08:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 08:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-12 01:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 14:53 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-04-09 20:37 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-04-09 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 01:02 179,200 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-29 18:20 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-29 13:51 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-24 23:10 2,596,940 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-23 13:18 274,505 ----a-w C:\WINDOWS\GIF to AVI SWF Converter Uninstaller.exe
2008-03-23 13:18 --------- d-----w C:\Program Files\GIF to AVI SWF Converter
2008-03-23 01:57 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-23 01:57 2,324,992 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-19 00:25 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-17 01:31 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-15 17:08 --------- d-----w C:\Program Files\SopCast
2008-03-14 13:04 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-14 02:49 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-13 01:09 43,008 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-12 23:23 397,312 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-09 19:31 --------- d-----w C:\Program Files\UltraVNC
2008-03-09 10:59 46,592 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-08 12:04 95,232 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-05 16:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 02:50 73,216 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 22:18 --------- d-----w C:\Program Files\Awave Studio
2008-03-02 12:44 61,440 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:49 306,688 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 13:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-25 09:54 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-24 09:46 62,976 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-21 16:36 284,672 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-21 14:36 530 ---ha-w C:\os062307.bin
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 00:06 2,004,992 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-10 23:41 873,984 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-08 02:13 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-08 02:13 1,901,568 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-06 20:12 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-08-23 09:16 79,840 -c--a-w C:\Documents and Settings\MrsO-Barrister\Application Data\GDIPFONTCACHEV1.DAT
2005-09-13 23:32 41 -c--a-w C:\Documents and Settings\MrsO-Barrister\getfile.dat
2004-09-21 22:34 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\shdocli.dat
2004-09-21 15:28 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiasnext.dat
2004-09-20 20:28 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\iuctta.dat
2004-09-20 15:39 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrwit.dat
2004-09-19 16:00 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\newdlvba.dat
2004-08-11 22:57 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\ddemq.dat
2004-08-11 18:45 65 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiavidoo.dat
2004-08-11 08:40 66 -c--a-w C:\Documents and Settings\MrsO-Barrister\rasmawxe.dat
2004-08-10 20:36 67 -c--a-w C:\Documents and Settings\MrsO-Barrister\sceclp.dat
2004-08-09 22:33 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\mdt2fw9d.dat
2004-08-09 20:16 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\imagr5lr.dat
2004-08-09 09:12 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\diacofrm.dat
2004-08-08 19:01 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrida.dat
2004-06-22 23:07 12,297,384 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
2004-03-13 23:01 429,216 ----a-w C:\Program Files\Adobe Reader.exe
2003-11-24 19:07 19,894,499 -c--a-w C:\Documents and Settings\MrsO-Barrister\winDVDPlatinum.exe
2003-11-01 23:39 0 -c--a-w C:\Program Files\error.log
2003-11-01 23:36 47,777 -c--a-w C:\Program Files\INSTALL.LOG
2003-09-15 14:53 7,716,864 ----a-w C:\Program Files\Sibelius.exe
2003-09-15 14:49 86,016 ----a-w C:\Program Files\GDIPlusWrapper.dll
2003-09-03 20:37 1,694,551 ----a-w C:\Program Files\Ad-aware for PC Cleanups.exe
2002-07-26 17:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-01-24 10:22 686 -c--a-w C:\Program Files\Sibelius.exe.manifest
.

------- Sigcheck -------

2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oaklen]
@={6626BDCD-F620-BA9E-31E1-6D4C214ACBDD}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42 75392]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"RegistryMechanic"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-22 15:56 180269]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afqdfeig]
afqdfeig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.cvid"= :iccvid.dll
"VIDC.I420"= :i420vfw.dll
"vidc.iv31"= :ir32_32.dll
"vidc.iv32"= :ir32_32.dll
"vidc.iv41"= :ir41_32.ax
"VIDC.IYUV"= :iyuv_32.dll
"vidc.mrle"= :msrle32.dll
"vidc.msvc"= :msvidc32.dll
"VIDC.UYVY"= :msyuv.dll
"VIDC.YUY2"= :msyuv.dll
"VIDC.YVU9"= :tsbyuv.dll
"VIDC.YVYU"= :msyuv.dll
"vidc.M263"= :msh263.drv
"vidc.M261"= :msh261.drv
"VIDC.MPG4"= :mpg4c32.dll
"VIDC.MP42"= :mpg4c32.dll
"VIDC.WMV3"= :wmv9vcm.dll
"vidc.pivc"= :pivideo.dll
"msacm.vorbis"= :vorbis.acm
"vidc.yv12"= :yv12vfw.dll
"msacm.siren"= :sirenacm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 06:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM32 Tools]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SureCleanProfessional]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-12-24 15:03 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-22 15:56 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=3 (0x3)
"vsmon"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"usnjsvc"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"FWS"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\PESFan Editor 6\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 17:07]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-26 06:33]
S4 muamgrd;Windows Update Service;C:\WINDOWS\System32\muamgrd.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 02:15:02 C:\WINDOWS\Tasks\FalconSweepDailyScan.job"
- C:\Program Files\FalconSweep\falcon.exe
"2007-08-14 11:42:05 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - user.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-24 08:00:02 C:\WINDOWS\Tasks\{1E28247D-93D9-408E-A528-D633E68F0923}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-24 15:00:01 C:\WINDOWS\Tasks\{2092D156-E375-4157-A104-77B3C778417B}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-18 15:00:00 C:\WINDOWS\Tasks\{E2E8CBD4-2875-4815-85F0-C969B4535C0E}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 16:10:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-24 16:13:42
ComboFix-quarantined-files.txt 2008-04-24 15:13:14
ComboFix2.txt 2008-04-24 11:02:55

Pre-Run: 16,422,760,448 bytes free
Post-Run: 16,396,034,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

269 --- E O F --- 2008-04-11 18:26:16


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:49, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Brownie\brstswnd.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...acom/wtinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: afqdfeig - afqdfeig.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10102 bytes


#7 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 25 April 2008 - 01:51 AM

Hi
Step 1:
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

*Note* If you do not have Firefox or Opera, those options will be greyed out.



Step 2:
Remember to disconnect from the Internet before carrying out the next instruction, and to save the following script before you do.You must
also manually disable your anti-virus and anti-spyware programs. See the link below for instructions on doing this.
http://www.bleepingc...opic114351.html

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C 

KillAll::
 
Folder::
C:\SDFix

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\oaklen]
@=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afqdfeig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM32 Tools]

Driver::
Windows Update Service

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe

Step 3:
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:

      + Extended(If available otherwise Standard)
    • Scan Options:

      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete. This includes your anti-virus. Once you have installed the Scanner, and the updated definitions, you can disconnect from the Internet.Re-enable the anti-virus before reconnecting to the Internet.


Step 4:
In your next reply post:
ComboFix.txt
Kaspersky report
New HijackThis log taken after the above scan has run

Edited by Scotty, 25 April 2008 - 01:52 AM.

You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#8 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 27 April 2008 - 12:39 PM

ComboFix:

ComboFix 08-04-22.5 - MrsO-Barrister 2008-04-26 21:25:06.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT 1:00]
Running from: C:\Documents and Settings\MrsO-Barrister\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MrsO-Barrister\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SDFix
C:\SDFix\SDFix\apps\assosfix.reg
C:\SDFix\SDFix\apps\cliptext.exe
C:\SDFix\SDFix\apps\download.exe
C:\SDFix\SDFix\apps\dummy.sys
C:\SDFix\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\SDFix\apps\ERDNT.E_E
C:\SDFix\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\SDFix\apps\ERUNT.EXE
C:\SDFix\SDFix\apps\ERUNT.LOC
C:\SDFix\SDFix\apps\fix.reg
C:\SDFix\SDFix\apps\FixBH.reg
C:\SDFix\SDFix\apps\FixComponents.reg
C:\SDFix\SDFix\apps\FIXCU.reg
C:\SDFix\SDFix\apps\FIXLM.reg
C:\SDFix\SDFix\apps\FixPath.exe
C:\SDFix\SDFix\apps\FixRedir.reg
C:\SDFix\SDFix\apps\FixSchedule.reg
C:\SDFix\SDFix\apps\FixWebCheck.reg
C:\SDFix\SDFix\apps\fixXP.reg
C:\SDFix\SDFix\apps\FixXPsp2.reg
C:\SDFix\SDFix\apps\grep.exe
C:\SDFix\SDFix\apps\HPFix.reg
C:\SDFix\SDFix\apps\HPFix2.reg
C:\SDFix\SDFix\apps\HPFix3.reg
C:\SDFix\SDFix\apps\HPFix4.reg
C:\SDFix\SDFix\apps\HPFix5.reg
C:\SDFix\SDFix\apps\HPFix6.reg
C:\SDFix\SDFix\apps\HPFix7.reg
C:\SDFix\SDFix\apps\isadmin.exe
C:\SDFix\SDFix\apps\leg2.txt
C:\SDFix\SDFix\apps\legacy.txt
C:\SDFix\SDFix\apps\legacybk.txt
C:\SDFix\SDFix\apps\locate.com
C:\SDFix\SDFix\apps\LS.exe
C:\SDFix\SDFix\apps\MD5File.exe
C:\SDFix\SDFix\apps\MyGcpvFix.reg
C:\SDFix\SDFix\apps\MyGkFix2.reg
C:\SDFix\SDFix\apps\Process.exe
C:\SDFix\SDFix\apps\procs.exe
C:\SDFix\SDFix\apps\psservice.exe
C:\SDFix\SDFix\apps\Rem.txt
C:\SDFix\SDFix\apps\Rem2.txt
C:\SDFix\SDFix\apps\Replace\regedit.exe
C:\SDFix\SDFix\apps\Replace\W2K.exe
C:\SDFix\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\SDFix\apps\Replace\XP.exe
C:\SDFix\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\SDFix\apps\Replace\xp\null.sys
C:\SDFix\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\SDFix\apps\RestartIt!.exe
C:\SDFix\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\SDFix\apps\sc.exe
C:\SDFix\SDFix\apps\sed.exe
C:\SDFix\SDFix\apps\SF.exe
C:\SDFix\SDFix\apps\shutdown.exe
C:\SDFix\SDFix\apps\srv2.txt
C:\SDFix\SDFix\apps\srv2bk.txt
C:\SDFix\SDFix\apps\svc.txt
C:\SDFix\SDFix\apps\svcbk.txt
C:\SDFix\SDFix\apps\swreg.exe
C:\SDFix\SDFix\apps\swsc.exe
C:\SDFix\SDFix\apps\unzip.exe
C:\SDFix\SDFix\apps\vfind.exe
C:\SDFix\SDFix\apps\WINMSG.EXE
C:\SDFix\SDFix\apps\winsec.reg
C:\SDFix\SDFix\apps\zip.exe
C:\SDFix\SDFix\backups\backupreg.zip
C:\SDFix\SDFix\backups\backups.zip
C:\SDFix\SDFix\backups\catchme.log
C:\SDFix\SDFix\catchme.exe
C:\SDFix\SDFix\dummy.sys
C:\SDFix\SDFix\Report.txt
C:\SDFix\SDFix\RunThis.bat
C:\SDFix\SDFix\SDFIX_ReadMe_Online.url

.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-24 10:10 . 2008-04-24 10:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-20 14:50 . 2008-04-20 14:50 <DIR> d-------- C:\logs3
2008-04-18 03:45 . 2008-04-20 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 03:45 . 2008-04-18 03:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Logitech
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-04-16 13:41 . 2008-04-16 13:41 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-15 12:29 . 2004-08-30 14:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-15 12:29 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-04-15 12:29 . 2007-04-12 15:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2008-04-15 10:56 . 2008-04-23 19:13 <DIR> d-------- C:\Program Files\EA SPORTS
2008-04-12 09:11 . 2008-04-12 02:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-12 09:11 . 2008-04-12 09:11 2,547 --a------ C:\WINDOWS\unins000.dat
2008-04-12 01:58 . 2008-04-12 01:58 262,144 --a------ C:\ntuser.dat.rmbak
2008-04-12 01:58 . 2008-04-12 02:04 8,192 --a------ C:\ntuser.dat
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-09 10:26 . 2008-04-09 12:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 20:30 196 ----a-w C:\WINDOWS\system32\drivers\ALCICH.DAT
2008-04-26 20:22 --------- d-----w C:\Program Files\FlashGet
2008-04-23 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 18:12 --------- d-----w C:\Program Files\Ashampoo
2008-04-23 16:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 16:50 --------- d-----w C:\Program Files\Motvik
2008-04-19 01:07 87,552 ----a-w C:\WINDOWS\Internet Logs\xDB292.tmp
2008-04-19 01:07 2,633,728 ----a-w C:\WINDOWS\Internet Logs\xDB293.tmp
2008-04-18 16:23 3,007,488 ----a-w C:\WINDOWS\Internet Logs\xDB27D.tmp
2008-04-18 16:23 2,628,096 ----a-w C:\WINDOWS\Internet Logs\xDB27E.tmp
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-15 09:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-14 09:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 07:46 --------- d-----w C:\Program Files\Hitman Pro
2008-04-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 08:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 08:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-12 01:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 14:53 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-04-09 20:37 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-04-09 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 01:02 179,200 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-29 18:20 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-29 13:51 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-24 23:10 2,596,940 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-23 13:18 274,505 ----a-w C:\WINDOWS\GIF to AVI SWF Converter Uninstaller.exe
2008-03-23 13:18 --------- d-----w C:\Program Files\GIF to AVI SWF Converter
2008-03-23 01:57 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-23 01:57 2,324,992 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-19 00:25 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-17 01:31 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-15 17:08 --------- d-----w C:\Program Files\SopCast
2008-03-14 13:04 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-14 02:49 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-13 01:09 43,008 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-12 23:23 397,312 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-09 19:31 --------- d-----w C:\Program Files\UltraVNC
2008-03-09 10:59 46,592 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-08 12:04 95,232 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-05 16:18 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 02:50 73,216 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 22:18 --------- d-----w C:\Program Files\Awave Studio
2008-03-02 12:44 61,440 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 18:49 306,688 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 09:54 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-24 09:46 62,976 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-21 16:36 284,672 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-21 14:36 530 ---ha-w C:\os062307.bin
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 00:06 2,004,992 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-10 23:41 873,984 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-08 02:13 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-08 02:13 1,901,568 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-06 20:12 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-08-23 09:16 79,840 -c--a-w C:\Documents and Settings\MrsO-Barrister\Application Data\GDIPFONTCACHEV1.DAT
2005-09-13 23:32 41 -c--a-w C:\Documents and Settings\MrsO-Barrister\getfile.dat
2004-09-21 22:34 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\shdocli.dat
2004-09-21 15:28 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiasnext.dat
2004-09-20 20:28 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\iuctta.dat
2004-09-20 15:39 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrwit.dat
2004-09-19 16:00 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\newdlvba.dat
2004-08-11 22:57 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\ddemq.dat
2004-08-11 18:45 65 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiavidoo.dat
2004-08-11 08:40 66 -c--a-w C:\Documents and Settings\MrsO-Barrister\rasmawxe.dat
2004-08-10 20:36 67 -c--a-w C:\Documents and Settings\MrsO-Barrister\sceclp.dat
2004-08-09 22:33 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\mdt2fw9d.dat
2004-08-09 20:16 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\imagr5lr.dat
2004-08-09 09:12 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\diacofrm.dat
2004-08-08 19:01 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrida.dat
2004-06-22 23:07 12,297,384 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
2004-03-13 23:01 429,216 ----a-w C:\Program Files\Adobe Reader.exe
2003-11-24 19:07 19,894,499 -c--a-w C:\Documents and Settings\MrsO-Barrister\winDVDPlatinum.exe
2003-11-01 23:39 0 -c--a-w C:\Program Files\error.log
2003-11-01 23:36 47,777 -c--a-w C:\Program Files\INSTALL.LOG
2003-09-15 14:53 7,716,864 ----a-w C:\Program Files\Sibelius.exe
2003-09-15 14:49 86,016 ----a-w C:\Program Files\GDIPlusWrapper.dll
2003-09-03 20:37 1,694,551 ----a-w C:\Program Files\Ad-aware for PC Cleanups.exe
2002-07-26 17:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-01-24 10:22 686 -c--a-w C:\Program Files\Sibelius.exe.manifest
.

------- Sigcheck -------

2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-04-24_12.02.12.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 10:43:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 20:31:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-19 20:16:23 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-04-25 15:27:41 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-04-26 20:31:54 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6b0.dat
+ 2008-04-26 20:32:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42 75392]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"RegistryMechanic"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-22 15:56 180269]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.cvid"= :iccvid.dll
"VIDC.I420"= :i420vfw.dll
"vidc.iv31"= :ir32_32.dll
"vidc.iv32"= :ir32_32.dll
"vidc.iv41"= :ir41_32.ax
"VIDC.IYUV"= :iyuv_32.dll
"vidc.mrle"= :msrle32.dll
"vidc.msvc"= :msvidc32.dll
"VIDC.UYVY"= :msyuv.dll
"VIDC.YUY2"= :msyuv.dll
"VIDC.YVU9"= :tsbyuv.dll
"VIDC.YVYU"= :msyuv.dll
"vidc.M263"= :msh263.drv
"vidc.M261"= :msh261.drv
"VIDC.MPG4"= :mpg4c32.dll
"VIDC.MP42"= :mpg4c32.dll
"VIDC.WMV3"= :wmv9vcm.dll
"vidc.pivc"= :pivideo.dll
"msacm.vorbis"= :vorbis.acm
"vidc.yv12"= :yv12vfw.dll
"msacm.siren"= :sirenacm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 06:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SureCleanProfessional]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-12-24 15:03 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-22 15:56 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=3 (0x3)
"vsmon"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"usnjsvc"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"FWS"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\PESFan Editor 6\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 17:07]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-26 06:33]
S4 muamgrd;Windows Update Service;C:\WINDOWS\System32\muamgrd.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 02:15:02 C:\WINDOWS\Tasks\FalconSweepDailyScan.job"
- C:\Program Files\FalconSweep\falcon.exe
"2007-08-14 11:42:05 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - user.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-24 08:00:02 C:\WINDOWS\Tasks\{1E28247D-93D9-408E-A528-D633E68F0923}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-24 15:00:01 C:\WINDOWS\Tasks\{2092D156-E375-4157-A104-77B3C778417B}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-18 15:00:00 C:\WINDOWS\Tasks\{E2E8CBD4-2875-4815-85F0-C969B4535C0E}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 21:38:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 90

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-04-26 21:52:21 - machine was rebooted [MrsO-Barrister]
ComboFix-quarantined-files.txt 2008-04-26 20:52:12
ComboFix2.txt 2008-04-24 15:13:44
ComboFix3.txt 2008-04-24 11:02:55

Pre-Run: 16,238,190,592 bytes free
Post-Run: 16,231,641,088 bytes free

359 --- E O F --- 2008-04-11 18:26:16


Kaspersky:

Sunday, April 27, 2008 1:25:32 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726789
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 88639
Number of viruses found 12
Number of infected objects 19
Number of suspicious objects 0
Duration of the scan process 02:44:51


and these are the infected files

C:\Documents and Settings\All Users\Documents\PESFan Editor 6\Option_File_V1.2_PES6_Pc_by_www.feex.net\WebfettiSetup2.2.60.11-2.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\Documents and Settings\All Users\Documents\PESFan Editor 6\Option_File_V1.2_PES6_Pc_by_www.feex.net\WebfettiSetup2.2.60.11-2.exe CAB: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\58FA772B.dll Infected: Backdoor.Win32.Afcore.aw skipped
C:\Program Files\Norton AntiVirus\Quarantine\59600CBC.dll Infected: not-a-virus:AdWare.Win32.Dotcom.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7156656A.dll Infected: not-a-virus:AdWare.Win32.Dotcom.a skipped
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byxvwww.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fccyxuu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP897\A0746105.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP897\A0746124.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP897\A0746138.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP897\A0746139.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP897\A0746173.exe Infected: Trojan-Downloader.Win32.Agent.kht skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP897\A0746174.dll Infected: Trojan-Downloader.Win32.Agent.hkl skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP898\A0746397.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP898\A0746398.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP918\A0749195.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{3CF800C9-C546-4C36-B50B-112B92CAF200}\RP918\A0749196.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:42, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...acom/wtinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10220 bytes


#9 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 27 April 2008 - 06:28 PM

Hi

Did you knowingly install UltraVNC?

Remember to disconnect from the Internet before carrying out the next instruction, and to save the following script before you do.


Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C 

KillAll::
 
File::
C:\Documents and Settings\All Users\Documents\PESFan Editor 6\Option_File_V1.2_PES6_Pc_by_www.feex.net\WebfettiSetup2.2.60.11-2.exe

Folder::
C:\Program Files\Norton AntiVirus

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Posted Image


Refering to the picture above, drag CFScript into ComboFix.exe


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...acom/wtinst.cab


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked exit HijackThis and reboot.


In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#10 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 28 April 2008 - 01:02 AM

yes I installed Ultra VNC myself

ComboFix:

ComboFix 08-04-22.5 - MrsO-Barrister 2008-04-28 1:36:25.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254 [GMT 1:00]
Running from: C:\Documents and Settings\MrsO-Barrister\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MrsO-Barrister\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\All Users\Documents\PESFan Editor 6\Option_File_V1.2_PES6_Pc_by_www.feex.net\WebfettiSetup2.2.60.11-2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Documents\PESFan Editor 6\Option_File_V1.2_PES6_Pc_by_www.feex.net\WebfettiSetup2.2.60.11-2.exe
C:\Program Files\Norton AntiVirus
C:\Program Files\Norton AntiVirus\AVApp.log
C:\Program Files\Norton AntiVirus\AVError.log
C:\Program Files\Norton AntiVirus\AVVirus.log
C:\Program Files\Norton AntiVirus\CfgWiz.dat
C:\Program Files\Norton AntiVirus\COUNTRY.DAT
C:\Program Files\Norton AntiVirus\defloc.dat
C:\Program Files\Norton AntiVirus\end_user.txt
C:\Program Files\Norton AntiVirus\exclude.dat
C:\Program Files\Norton AntiVirus\exclude.def
C:\Program Files\Norton AntiVirus\EXCLUDEL.DAT
C:\Program Files\Norton AntiVirus\excludel.def
C:\Program Files\Norton AntiVirus\IWP\Ales.xml
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-3401467C0.log
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-4101467C0.log
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-7641467C0.log
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-aec1467C0.log
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-b701467C0.log
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-f581467C0.log
C:\Program Files\Norton AntiVirus\IWP\ALEUpdate-f941467C0.log
C:\Program Files\Norton AntiVirus\IWP\DefRules.dat
C:\Program Files\Norton AntiVirus\IWP\IDSDefs\CATALOG.DAT
C:\Program Files\Norton AntiVirus\IWP\IDSDefs\Metadata.dat
C:\Program Files\Norton AntiVirus\IWP\IDSDefs\v.grd
C:\Program Files\Norton AntiVirus\IWP\IDSDefs\v.sig
C:\Program Files\Norton AntiVirus\IWP\IDSDefs\VIRSCAN1.DAT
C:\Program Files\Norton AntiVirus\IWP\IDSDefs\zdone.dat
C:\Program Files\Norton AntiVirus\navopts.dat
C:\Program Files\Norton AntiVirus\navopts.def
C:\Program Files\Norton AntiVirus\navsess.tpl
C:\Program Files\Norton AntiVirus\navsess.txt
C:\Program Files\Norton AntiVirus\QuarOpts.dat
C:\Program Files\Norton AntiVirus\README.TXT
C:\Program Files\Norton AntiVirus\savrt.dat
C:\Program Files\Norton AntiVirus\savrt.def
C:\Program Files\Norton AntiVirus\scancfg.dat
C:\Program Files\Norton AntiVirus\SRTLEXCL.DAT
C:\Program Files\Norton AntiVirus\srtlexcl.def
C:\Program Files\Norton AntiVirus\srtsexcl.dat
C:\Program Files\Norton AntiVirus\srtsexcl.def
C:\Program Files\Norton AntiVirus\THREXCL.DAT
C:\Program Files\Norton AntiVirus\threxcl.def
C:\Program Files\Norton AntiVirus\THRLEXCL.DAT
C:\Program Files\Norton AntiVirus\thrlexcl.def
C:\Program Files\Norton AntiVirus\VERSION.DAT

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-26 21:58 . 2008-04-26 21:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 21:58 . 2008-04-26 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-24 10:10 . 2008-04-24 10:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-20 14:50 . 2008-04-20 14:50 <DIR> d-------- C:\logs3
2008-04-18 03:45 . 2008-04-20 16:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 03:45 . 2008-04-18 03:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Logitech
2008-04-16 14:26 . 2008-04-16 14:26 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2008-04-16 13:49 . 2001-08-17 14:02 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2008-04-16 13:41 . 2008-04-16 13:41 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-15 12:29 . 2004-08-30 14:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-15 12:29 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-04-15 12:29 . 2007-04-12 15:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL
2008-04-15 10:56 . 2008-04-23 19:13 <DIR> d-------- C:\Program Files\EA SPORTS
2008-04-12 09:11 . 2008-04-12 02:33 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-12 09:11 . 2008-04-12 09:11 2,547 --a------ C:\WINDOWS\unins000.dat
2008-04-12 01:58 . 2008-04-12 01:58 262,144 --a------ C:\ntuser.dat.rmbak
2008-04-12 01:58 . 2008-04-12 02:04 8,192 --a------ C:\ntuser.dat
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-10 13:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-09 10:26 . 2008-04-09 12:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 00:45 3,694,492 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-28 00:43 196 ----a-w C:\WINDOWS\system32\drivers\ALCICH.DAT
2008-04-26 20:22 --------- d-----w C:\Program Files\FlashGet
2008-04-23 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 18:12 --------- d-----w C:\Program Files\Ashampoo
2008-04-23 16:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 16:50 --------- d-----w C:\Program Files\Motvik
2008-04-19 01:07 87,552 ----a-w C:\WINDOWS\Internet Logs\xDB292.tmp
2008-04-19 01:07 2,633,728 ----a-w C:\WINDOWS\Internet Logs\xDB293.tmp
2008-04-18 16:23 3,007,488 ----a-w C:\WINDOWS\Internet Logs\xDB27D.tmp
2008-04-18 16:23 2,628,096 ----a-w C:\WINDOWS\Internet Logs\xDB27E.tmp
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-04-15 18:50 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-04-15 09:32 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-15 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-14 09:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 07:46 --------- d-----w C:\Program Files\Hitman Pro
2008-04-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-12 08:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 08:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-12 01:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 14:53 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-04-09 20:37 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-04-09 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 01:02 179,200 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-29 18:20 40,448 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-03-29 13:51 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-23 13:18 274,505 ----a-w C:\WINDOWS\GIF to AVI SWF Converter Uninstaller.exe
2008-03-23 13:18 --------- d-----w C:\Program Files\GIF to AVI SWF Converter
2008-03-23 01:57 60,416 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-23 01:57 2,324,992 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-19 00:25 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-17 01:31 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-15 17:08 --------- d-----w C:\Program Files\SopCast
2008-03-14 13:04 44,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-14 02:49 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-13 01:09 43,008 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-12 23:23 397,312 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-09 19:31 --------- d-----w C:\Program Files\UltraVNC
2008-03-09 10:59 46,592 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-08 12:04 95,232 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-05 02:50 73,216 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 22:18 --------- d-----w C:\Program Files\Awave Studio
2008-03-02 12:44 61,440 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-28 18:49 306,688 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-25 09:54 70,144 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-24 09:46 62,976 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-21 16:36 284,672 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-21 14:36 530 ---ha-w C:\os062307.bin
2008-02-20 00:06 2,004,992 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-10 23:41 873,984 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-08 02:13 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-08 02:13 1,901,568 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-06 20:12 1,454,080 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-08-23 09:16 79,840 -c--a-w C:\Documents and Settings\MrsO-Barrister\Application Data\GDIPFONTCACHEV1.DAT
2005-09-13 23:32 41 -c--a-w C:\Documents and Settings\MrsO-Barrister\getfile.dat
2004-09-21 22:34 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\shdocli.dat
2004-09-21 15:28 153 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiasnext.dat
2004-09-20 20:28 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\iuctta.dat
2004-09-20 15:39 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrwit.dat
2004-09-19 16:00 154 -c--a-w C:\Documents and Settings\MrsO-Barrister\newdlvba.dat
2004-08-11 22:57 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\ddemq.dat
2004-08-11 18:45 65 -c--a-w C:\Documents and Settings\MrsO-Barrister\wiavidoo.dat
2004-08-11 08:40 66 -c--a-w C:\Documents and Settings\MrsO-Barrister\rasmawxe.dat
2004-08-10 20:36 67 -c--a-w C:\Documents and Settings\MrsO-Barrister\sceclp.dat
2004-08-09 22:33 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\mdt2fw9d.dat
2004-08-09 20:16 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\imagr5lr.dat
2004-08-09 09:12 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\diacofrm.dat
2004-08-08 19:01 68 -c--a-w C:\Documents and Settings\MrsO-Barrister\nvwrida.dat
2004-06-22 23:07 12,297,384 ----a-w C:\Program Files\QuickTimeFullInstaller.exe
2004-03-13 23:01 429,216 ----a-w C:\Program Files\Adobe Reader.exe
2003-11-24 19:07 19,894,499 -c--a-w C:\Documents and Settings\MrsO-Barrister\winDVDPlatinum.exe
2003-11-01 23:39 0 -c--a-w C:\Program Files\error.log
2003-11-01 23:36 47,777 -c--a-w C:\Program Files\INSTALL.LOG
2003-09-15 14:53 7,716,864 ----a-w C:\Program Files\Sibelius.exe
2003-09-15 14:49 86,016 ----a-w C:\Program Files\GDIPlusWrapper.dll
2003-09-03 20:37 1,694,551 ----a-w C:\Program Files\Ad-aware for PC Cleanups.exe
2002-07-26 17:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-01-24 10:22 686 -c--a-w C:\Program Files\Sibelius.exe.manifest
.

------- Sigcheck -------

2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-04-15 19:50 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-04-24_12.02.12.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 10:43:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 00:44:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-19 20:16:23 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-04-25 15:27:41 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-04-28 00:44:21 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5dc.dat
+ 2008-04-28 00:44:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_6fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42 75392]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38 968696]
"RegistryMechanic"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-22 15:56 180269]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 11:38 88584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.cvid"= :iccvid.dll
"VIDC.I420"= :i420vfw.dll
"vidc.iv31"= :ir32_32.dll
"vidc.iv32"= :ir32_32.dll
"vidc.iv41"= :ir41_32.ax
"VIDC.IYUV"= :iyuv_32.dll
"vidc.mrle"= :msrle32.dll
"vidc.msvc"= :msvidc32.dll
"VIDC.UYVY"= :msyuv.dll
"VIDC.YUY2"= :msyuv.dll
"VIDC.YVU9"= :tsbyuv.dll
"VIDC.YVYU"= :msyuv.dll
"vidc.M263"= :msh263.drv
"vidc.M261"= :msh261.drv
"VIDC.MPG4"= :mpg4c32.dll
"VIDC.MP42"= :mpg4c32.dll
"VIDC.WMV3"= :wmv9vcm.dll
"vidc.pivc"= :pivideo.dll
"msacm.vorbis"= :vorbis.acm
"vidc.yv12"= :yv12vfw.dll
"msacm.siren"= :sirenacm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 12:53 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 06:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SureCleanProfessional]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2007-12-24 15:03 103712 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-22 15:56 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=3 (0x3)
"vsmon"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"usnjsvc"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"FWS"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\PESFan Editor 6\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 17:07]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 15:54]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-26 06:33]
S4 muamgrd;Windows Update Service;C:\WINDOWS\System32\muamgrd.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 02:15:02 C:\WINDOWS\Tasks\FalconSweepDailyScan.job"
- C:\Program Files\FalconSweep\falcon.exe
"2007-08-14 11:42:05 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - user.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-24 08:00:02 C:\WINDOWS\Tasks\{1E28247D-93D9-408E-A528-D633E68F0923}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-24 15:00:01 C:\WINDOWS\Tasks\{2092D156-E375-4157-A104-77B3C778417B}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
"2008-04-18 15:00:00 C:\WINDOWS\Tasks\{E2E8CBD4-2875-4815-85F0-C969B4535C0E}_MAIN_COMPUTER_user.job"
- C:\WINDOWS\system32\mobsync.exeG /Schedule=
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 01:47:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 90

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-04-28 2:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-28 01:03:32
ComboFix2.txt 2008-04-26 20:52:22
ComboFix3.txt 2008-04-24 15:13:44
ComboFix4.txt 2008-04-24 11:02:55

Pre-Run: 15,970,164,736 bytes free
Post-Run: 15,951,888,384 bytes free

331 --- E O F --- 2008-04-11 18:26:16


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:56:48, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9721 bytes


#11 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 28 April 2008 - 04:08 AM

Hi


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

    Posted Image


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here with a new HijackThis log, and tell me how the computer is behaving now.

You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#12 Omideyi

Omideyi

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 28 April 2008 - 11:47 AM

Malwarebytes:

Malwarebytes' Anti-Malware 1.11
Database version: 692

Scan type: Full Scan (C:\|)
Objects scanned: 116001
Time elapsed: 2 hour(s), 51 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 115
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{5f1abcdb-a875-46c1-8345-b72a4567e486} (Adware.ISTBar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:31, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Brownie\brstswnd.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by130fd.bay13...es/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.blueyond...tivePreQual.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9590 bytes


#13 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 28 April 2008 - 12:13 PM

Hi

Congratulations, you appear to be malware free. :woot:

Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid for version offers real-time protection

Here is another couple of free programs I recommend.

Winpatrol
Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool.

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.


Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here is a good Hosts file:

MVPS Hosts File

A tutorial about Hosts File can be found at Malware Removal.


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malware...wtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

#14 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 06 May 2008 - 02:29 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
You too could train to help others- Join the Classroom

Posted Image

Posted Image
Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·