
I Fell Prey To Good Ole Virus Protect Pro


5 replies to this topic

#1 stupidus3r

stupidus3r

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 21 July 2007 - 09:20 PM

I fell prey to Virus Protect Pro, and the little shield on the desktop that cycles between an X and a question mark is driving me crazy, as are the repeated malware/adware/spyware system alerts. I managed to get rid of the browser hijack and a lot of other malware etc. with Ad-Aware and Spybot; I'm at a loss as to what to do next. I'm posting my HJT logfile as follows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:46 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Ocucom\PreCast\tmon.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\Jason Harrison\Desktop\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Train Your Brain] C:\Program Files\Train Your Brain\TrainYourBrain.exe -minimized
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1774cbcd76ecaf...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178180034906
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin...7207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2/heavy...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: convalescently - {cea2e5cd-e849-427b-80f0-59298caef1c4} - C:\WINDOWS\SYSTEM32\CQSFK.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 16067 bytes

thanks in advance.

Edited by stupidus3r, 21 July 2007 - 09:23 PM.
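As an added example for readers working through logs like the one above (this is not code from HijackThis, ComboFix, or anyone in this thread), here is a small Python parser that splits a HijackThis 2.x log into its section codes, pulls out the CLSID and file path from each entry, and marks lines that deserve a second look. The flags are ordinary triage hints drawn only from what each line itself states: references to files that no longer exist, ActiveX controls with no recorded download URL, a SharedTaskScheduler entry that is not one of the two stock Windows XP names, and a UserInit value chaining more than one program into logon. The sample input is excerpted from the posted log; the name `DEFAULT_O22_NAMES` and the flag labels are this example's own.

```python
"""Triage helper for Trend Micro HijackThis 2.x logs.

Added example for this thread; it is not code from HijackThis, ComboFix or the
forum members. The flags are analyst review hints drawn from what the log line
itself says, not a verdict on the entry.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Each finding is "<code> - <payload>". The code names the autostart/hook
# location: R0/R1 IE URLs, F2 ini-mapped registry values, O2 BHOs, O4 Run keys,
# O9 IE buttons, O16 Downloaded Program Files (ActiveX), O22 SharedTaskScheduler,
# O23 services. Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First Windows path ending in a binary/package extension, quotes optional.
WINPATH_RE = re.compile(r'"?((?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|cab))"?', re.I)

# SharedTaskScheduler names present on a stock Windows XP install (the HJT
# tutorials list these two); any other O22 name is worth a manual look.
DEFAULT_O22_NAMES = {"Browseui preloader", "Component Categories cache daemon"}


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _triage(e: Entry) -> None:
    """Attach review flags based only on what the line itself states."""
    low = e.body.lower()
    if "(no file)" in low or "(file missing)" in low:
        e.flags.append("dangling-ref")        # registry still points at a removed file
    if e.code == "O16" and e.body.rstrip().endswith("-"):
        e.flags.append("dpf-no-source")       # ActiveX control with no download URL recorded
    if e.code == "O22":
        name = e.body.split(" - ", 1)[0].split(": ", 1)[-1]
        if name not in DEFAULT_O22_NAMES:
            e.flags.append("o22-nondefault")  # unexpected SharedTaskScheduler hook
    if e.code == "F2" and "userinit=" in low:
        exes = [x for x in e.body.split("=", 1)[1].split(",") if x.strip()]
        if len(exes) > 1:
            e.flags.append("multiple-userinit")  # a second program chained into logon


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a finding line, or None for header/process-list lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m["code"], m["body"])
    c = CLSID_RE.search(e.body)
    e.clsid = c.group(0) if c else None
    p = WINPATH_RE.search(e.body)
    e.path = p.group(1) if p else None
    _triage(e)
    return e


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


# Constructed sample: a handful of lines excerpted from the HijackThis log posted
# above, plus header/process lines to show they are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) -
O22 - SharedTaskScheduler: convalescently - {cea2e5cd-e849-427b-80f0-59298caef1c4} - C:\WINDOWS\SYSTEM32\CQSFK.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 16067 bytes
"""

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.code:<4} {','.join(e.flags):<20} {e.path or e.clsid or ''}")
```

Running the script lists the F2, O2, O9, O16 and O22 lines from the sample while leaving the O4 and O23 entries unflagged. The flags only narrow down what a helper should inspect by hand; deciding whether a flagged path is a stale leftover or something to remove still needs the file itself and the rest of the log, which is what the follow-up tools requested in the replies below are for.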



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:02:12 PM

Posted 22 July 2007 - 10:13 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, stupidus3r :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


-----------------------------------------------------

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 (Search) by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

Also post a fresh Hijackthis log.

#3 stupidus3r

stupidus3r
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 23 July 2007 - 05:51 PM

Here ya go, all 3.

"Jason Harrison" - 2007-07-23 18:20:24 - ComboFix 07-07-24 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\1055937.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\1383602.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\236039.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\2451.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\2883904.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\2884308.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\2894190.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\2896152.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\324915.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\392312.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\566217.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\573421.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\596022.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\698191.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\761071.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\819382.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\880604.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\933136.sdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\ASPL1.dat
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\hstat\335c.dat
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\13546
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\13615
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\13617
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\13939
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\1491
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\1509
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\17025
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\184591
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\18721
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\21017
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\21895
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\22254
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\24337
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\246310
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\251949
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\26736
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\28049
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\28185
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\288733
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\29115
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\29642
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\32276
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\32812
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\33420
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\34250
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\34952
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\35047
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\352
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\35804
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\359772
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\36079
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\41347
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\41999
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\42376
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\42425
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\43638
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\43979
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\45157
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\45833
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\465259
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\46777
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\50056
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\51666
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\526389
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\54189
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\5508
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\578150
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\579123
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\58804
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\58946
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\59844
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\60425
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\6292
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\6304
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\63770
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\63930
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\63989
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\64678
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\64944
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\65019
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\6565
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\65719
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\6635
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\66855
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\6704
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\67491
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\6915
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\69929
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\72072
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\73922
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\74576
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\7482
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\7652
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\78237
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\79596
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\80567
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\80576
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\80670
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\82723
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\8290
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\86379
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\87385
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\87995
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\89075
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\8941
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\90040
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\90195
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\90311
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\90833
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\91224
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\92893
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\93568
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\93899
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\94125
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\94789
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\95645
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\95849
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\96961
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\97656
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\TooltipXML\9974
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\dynamic\ustat\335c.dat
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\btntrans.idx
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\btntrans1.dat
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\components.cdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\default.cdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_greencard.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\icons2.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\progress.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\country.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\DOCUME~1\MELIND~1\APPLIC~1\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\WINDOWS\DOWNLO~1.\Temp
C:\WINDOWS\rundll32.exe


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-23 18:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 20:25 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-07-22 06:05 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-22 06:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-07-22 06:04 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-07-22 06:04 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-07-22 06:04 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-07-22 06:04 6,725,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-22 06:04 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-07-22 06:03 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-07-22 06:02 <DIR> d-------- C:\WINDOWS\system32\Zonelabs
2007-07-22 06:02 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-07-22 02:09 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-22 01:43 4,848 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-22 00:11 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-21 23:28 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-07-21 22:53 <DIR> d-------- C:\!KillBox
2007-07-21 21:43 <DIR> d-------- C:\DOCUME~1\JASONH~1\.housecall6.6
2007-07-21 19:07 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
2007-07-21 19:07 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-07-21 19:07 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-07-21 19:07 1,044,480 --a------ C:\WINDOWS\system32\VchReg.dll
2007-07-21 19:07 <DIR> d-------- C:\Program Files\SpywareDetector
2007-07-21 18:46 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\STOPzilla!
2007-07-21 18:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-21 15:50 <DIR> d-------- C:\Program Files\STOPzilla!
2007-07-21 15:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-07-21 15:37 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-07-21 15:36 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-07-21 15:36 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-07-21 15:36 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-07-21 07:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-21 07:59 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-21 07:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-21 07:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-21 03:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-20 23:49 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-19 08:41 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-19 08:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-19 08:24 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\Terrapin
2007-07-19 08:24 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\PreCast
2007-07-17 05:48 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-07-16 19:48 <DIR> d-------- C:\Program Files\Raven
2007-07-16 19:47 <DIR> d-------- C:\TempEliteForceSetup
2007-07-15 23:06 <DIR> d-------- C:\DOCUME~1\JASONH~2\APPLIC~1\Logitech
2007-07-14 07:29 <DIR> d-------- C:\DOCUME~1\MELIND~1\APPLIC~1\Logitech
2007-07-13 14:26 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\Logitech
2007-07-13 14:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
2007-07-13 14:25 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-07-13 14:25 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-07-13 14:25 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-07-13 14:25 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-07-13 14:25 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-07-13 14:25 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-07-13 14:25 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-07-13 14:25 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-07-13 14:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-13 14:25 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\InstallShield
2007-07-13 14:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-07-12 22:48 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\vlc
2007-07-10 16:28 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\Skype
2007-07-04 22:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-07-01 03:27 <DIR> d-------- C:\WINDOWS\system32\Logs
2007-07-01 03:27 <DIR> d-------- C:\DOCUME~1\JASONH~1\APPLIC~1\tunebite
2007-07-01 03:26 <DIR> d-------- C:\Program Files\Tunebite
2007-07-01 03:20 <DIR> d-------- C:\Converted
2007-07-01 03:19 513,152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2007-06-29 18:25 <DIR> d-------- C:\Program Files\blender-2.44-windows
2007-06-28 01:08 56,832 --------- C:\WINDOWS\system32\mwace.dll
2007-06-28 01:08 238,080 --------- C:\WINDOWS\system32\mwgfx24.dll
2007-06-28 01:08 183,296 --------- C:\WINDOWS\system32\mwgfx.dll
2007-06-28 01:08 104,448 --------- C:\WINDOWS\system32\mwdds.dll
2007-06-28 01:08 <DIR> d-------- C:\Graphics
2007-06-26 19:58 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-06-26 19:58 46,592 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-06-26 19:58 39,552 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-06-26 19:58 37,248 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-06-26 19:58 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-06-26 19:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SRS Labs
2007-06-26 04:42 <DIR> d-------- C:\Program Files\MTV Networks
2007-06-26 03:22 <DIR> d-------- C:\Program Files\Any Image
2007-06-26 02:42 <DIR> d-------- C:\Program Files\Image Eye
2007-06-24 10:29 286,720 --a------ C:\WINDOWS\system32\cnvshell.dll
2007-06-24 10:29 <DIR> d-------- C:\Program Files\ImageConverter Plus
2007-06-24 10:21 <DIR> d-------- C:\Program Files\DDS Converter 2
2007-06-24 10:15 <DIR> d-------- C:\Program Files\Presets
2007-06-24 10:15 <DIR> d-------- C:\Program Files\Plug-Ins
2007-06-24 10:13 <DIR> d-------- C:\DOCUME~1\JASONH~1\.thumbnails
2007-06-24 10:13 <DIR> d-------- C:\DOCUME~1\JASONH~1\.gimp-2.2
2007-06-23 04:30 90,112 --a------ C:\WINDOWS\system32\custmon2k.dll
2007-06-23 04:30 53,248 --a------ C:\WINDOWS\system32\uninstpw.exe
2007-06-23 04:29 24,576 --a------ C:\WINDOWS\system32\custsave.exe
2007-06-23 04:29 <DIR> d-------- C:\Program Files\PDF Writer
2007-06-23 04:29 <DIR> d-------- C:\Program Files\gs
2007-06-23 04:27 <DIR> d-------- C:\Program Files\Planetwide Games


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 13:30:50 18,116 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-23 00:25:55 -------- d-----w C:\Program Files\Skype
2007-07-22 10:13:22 -------- d-----w C:\Program Files\McAfee.com
2007-07-22 09:23:18 -------- d-----w C:\Program Files\Winamp
2007-07-22 09:22:41 -------- d-----w C:\Program Files\WinAce
2007-07-22 09:09:35 -------- d-----w C:\Program Files\Messenger
2007-07-22 09:07:49 -------- d-----w C:\Program Files\Lexmark X1100 Series
2007-07-22 09:04:09 -------- d-----w C:\Program Files\iTunes
2007-07-22 09:02:55 -------- d-----w C:\Program Files\Google
2007-07-22 05:15:27 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\Azureus
2007-07-22 03:28:15 -------- d-----w C:\Program Files\Common Files\Download Manager
2007-07-20 22:13:49 -------- d-----w C:\Program Files\Common Files\Logitech
2007-07-19 12:43:25 -------- d-----w C:\Program Files\QuickTime
2007-07-17 09:36:49 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-07-17 02:53:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-16 23:47:02 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\IGN_DLM
2007-07-14 09:28:35 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\Real
2007-07-13 18:25:17 -------- d-----w C:\Program Files\Logitech
2007-07-05 02:34:52 -------- d-----w C:\Program Files\Azureus
2007-06-28 11:06:56 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\gtk-2.0
2007-06-24 14:15:33 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-06-23 00:57:21 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-19 15:25:47 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-19 15:17:28 -------- d-----w C:\Program Files\Illusion
2007-06-19 12:25:19 -------- d-----w C:\Program Files\Origin Systems
2007-06-19 09:17:52 -------- d-----w C:\Program Files\America's Army
2007-06-19 09:16:00 -------- d-----w C:\Program Files\Comcast Play Games
2007-06-19 09:15:57 -------- d-----w C:\Program Files\Common Files\Oberon Media
2007-06-16 20:29:29 -------- d-----w C:\Program Files\GlideWrapper
2007-06-16 20:25:26 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\Winamp
2007-06-16 15:53:19 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\TrainYourBrain
2007-06-13 05:05:05 215,552 ----a-w C:\WINDOWS\system32\osk.exe
2007-06-09 12:01:45 -------- d-----w C:\Program Files\Infogrames
2007-06-08 22:37:05 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\DiVision Studios XAvenger
2007-06-04 04:13:27 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-31 18:47:50 -------- d-----w C:\Program Files\Quick Screen Capture
2007-05-31 18:05:42 -------- d-----w C:\DOCUME~1\JASONH~1\APPLIC~1\FastStone
2007-05-26 04:50:57 -------- d-----w C:\Program Files\3D MP3 Sound Recorder G2
2007-05-26 04:28:21 -------- d-----w C:\Program Files\Zeallsoft
2007-05-26 04:23:54 -------- d-----w C:\Program Files\MagicSofts
2007-05-26 02:14:29 -------- d-----w C:\Program Files\eBay
2007-05-23 04:52:47 -------- d-----w C:\Program Files\Transparent
2007-05-20 05:57:55 80 --sh--r C:\WINDOWS\system32\D3260F09C2.dll
2007-05-20 04:56:47 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-05-20 04:56:47 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 23:34:37 1,024 ----a-w C:\WINDOWS\system32\Image2PDF.dat
2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-04-25 21:02:04 262,240 ----a-w C:\WINDOWS\system32\MILiveDownload3.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2005-09-11 11:10:27 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-05-13 21:12:00 217,073 -csha-r C:\WINDOWS\meta4.exe
2005-10-24 15:13:58 66,560 -csha-r C:\WINDOWS\MOTA113.exe
2005-10-14 01:27:00 422,400 -csha-r C:\WINDOWS\x2.64.exe
2005-10-07 23:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 16:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 19:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 02:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 04:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 14:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 17:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 04:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 10:18]
"SmartGuardian"="C:\Program Files\ITE\Smart Guardian\ITESmart.exe" [2003-09-30 21:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 06:36]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 13:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-11 05:52]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-01 11:01]
"LoadPowerProfile"="powrprof.dll" [2004-08-04 08:00 C:\WINDOWS\system32\powrprof.dll]
"@"="" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2005-01-18 12:32]
"Train Your Brain"="C:\Program Files\Train Your Brain\TrainYourBrain.exe" [2007-02-11 21:04]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-05-04 17:39]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-21 03:06]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-22 05:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 04:04]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-01 20:38]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-13 13:47]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 17:57]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"winmodem"=WINMODEM.101\wmexe.exe
"TrueVector"=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-04-13 13:47:17]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-08-11 03:22:40]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-01 20:38:41]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-13 14:25:32]
PreCast Monitor.lnk - C:\Program Files\Ocucom\PreCast\tmon.exe [2007-05-09 14:25:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys
R1 FsVga;FsVga;C:\WINDOWS\system32\DRIVERS\fsvga.sys
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys
R1 NetworkX;NetworkX;C:\WINDOWS\system32\ckldrv.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R1 stltrack;stltrack;C:\WINDOWS\system32\drivers\stltrack.sys
R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\Documents and Settings\Jason Harrison\Desktop\VCdRom.sys
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\WINDOWS\system32\drivers\ws2ifsl.sys
R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys
R2 lanmanserver;Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 LanmanWorkstation;Workstation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 X4HSX32;X4HSX32;\??\C:\Program Files\Comcast Games on Demand\X4HSX32.Sys
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 iteio;iteio;\??\C:\WINDOWS\system32\drivers\iteio.sys
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
R3 LMouKE;SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S2 InCDsrvR;InCD Helper (read only);C:\Program Files\Ahead\InCD\InCDsrv.exe -r
S2 stltrk2k;STLTR2K;C:\WINDOWS\system32\Drivers\stltrk2k.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 epcfw2k;SCM Parallel Port CF Driver;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 irsir;Microsoft Serial Infrared Driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\system32\mnmsrvc.exe
S3 ndiscm;Motorola USB Cable Modem Windows Driver;C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S3 XTrapD12;XTrapD12;\??\C:\Program Files\Legend Of Ares\\XTrap\XTrapD12.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\shellout.exe START.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
AutoRun\command- X:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10858c4f-cebd-11d9-b1ae-806d6172696f}]
AutoRun\command- D:\SETUP.EXE /UPDATE


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AppletsPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\FontsPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptRegisterPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownAvivideoPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownMmsysPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownMPlayPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownRecPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsAolPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsAttPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsCompuservePerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsMsnPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsProdigyPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUserOldLinks
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Base
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Calc_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CDPlayer_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CVT_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Dialer_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_ICW_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_LinkBar_URLs
C:\WINDOWS\COMMAND\sulfnbk.exe /L

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Msinfo
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Msinfo2
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_MSWordPad_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Paint_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_RNA_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Vol
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_winapps_Links
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_winbase_Links
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Wingames_Inis
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SetupcPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shell2PerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ShellPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\TapiPerUser
rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msimn.inf,User.Install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
C:\WINDOWS\SYSTEM\ie4uinit.exe
C:\WINDOWS\SYSTEM\IE4UINIT.EXE

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4395}
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

Contents of the 'Scheduled Tasks' folder
2007-07-19 12:42:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-13 06:00:02 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (JCOMPUTER-Melinda Harrison).job
2007-07-23 22:02:21 C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 18:33:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\x00a80\x00ed0;S]
"Order"=hex:08,00,00,00,02,00,00,00,f8,00,00,00,01,00,00,00,02,00,00,00,6e,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-23 18:35:47
C:\ComboFix-quarantined-files.txt ... 2007-07-23 18:35

--- E O F ---

SmitFraudFix v2.206

Scan done at 18:45:20.51, Mon 07/23/2007
Run from C:\Documents and Settings\Jason Harrison\Desktop\Installs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Zonelabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Ocucom\PreCast\tmon.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Jason Harrison


C:\Documents and Settings\Jason Harrison\Application Data


Start Menu


C:\DOCUME~1\JASONH~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


Rustock



DNS

Description: ADMtek AN983 based ethernet adapter - Packet Scheduler Miniport
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.73.242

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D17C1D26-E3AF-49C9-B8DF-240C7E306ED3}: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D17C1D26-E3AF-49C9-B8DF-240C7E306ED3}: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D17C1D26-E3AF-49C9-B8DF-240C7E306ED3}: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242


Scanning for wininet.dll infection


End


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:00 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Zonelabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Ocucom\PreCast\tmon.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Jason Harrison\Desktop\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [Train Your Brain] C:\Program Files\Train Your Brain\TrainYourBrain.exe -minimized
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-602162358-1957994488-682003330-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Melinda Harrison')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1774cbcd76ecaf...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178180034906
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin...7207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2/heavy...aploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe

--
End of file - 14563 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 04:34 AM

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new Hijackthis log.
Let me know how your pc is running now.
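The DrWeb.csv report requested above is a plain semicolon-separated list (file name; directory; detection name; action). The following triage script is an added example for this thread, not code from Dr.Web or from the BleepingComputer helpers; it assumes that four-field layout as it appears in the report posted later in this thread, reuses a few of those lines as constructed sample input, and treats the CLEANUP_TOOL_DIRS list as an assumption about which folders hold the helpers' own utilities.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv).

Added example for this thread; it is not code from Dr.Web or from the
BleepingComputer helpers. Each report line is semicolon separated:
    <file name>;<directory>;<detection name>;<action>;
SAMPLE_REPORT is constructed from lines of the report posted later in
this thread. A nested object (a file inside an archive) carries the
archive path in the directory field and an empty action, because the
action is recorded against the archive itself.
"""
from collections import Counter

# Assumption: folders of cleanup tools whose helper binaries Dr.Web reports
# as Tool./Program. risk tools (the SmitfraudFix/smitRem hits in this
# thread's report); treated here as expected, not as an infection.
CLEANUP_TOOL_DIRS = ("SmitfraudFix", "smitRem")

# Hits under this path are old System Restore points, not live files.
RESTORE_MARKER = "\\System Volume Information\\_restore"

SAMPLE_REPORT = r"""
RegUBP2b-Jason Harrison.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\Jason Harrison\Desktop\Installs\SmitfraudFix;Tool.Prockill;Moved.;
MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;Moved.;
A0044689.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Trojan.DownLoader.28660;Deleted.;
A0044730.exe\data002;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128\A0044730.exe;Trojan.StartPage.20245;;
A0044730.exe;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Archive contains infected objects;Moved.;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Moved.;
"""


def parse_report(text):
    """Turn report text into a list of dicts; lines without four fields are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            continue                                   # not a report line
        name, directory, detection, action = fields[:4]
        nested = "\\" in name                          # object inside an archive
        entries.append({
            "name": name,
            "directory": directory,
            # for a nested object the directory field already names the archive
            "path": directory if nested else directory.rstrip("\\") + "\\" + name,
            "detection": detection,
            "family": detection.split(".", 1)[0],      # Trojan, Adware, Tool, ...
            "action": action.rstrip("."),              # "Deleted." -> "Deleted"
            "nested": nested,
            "in_restore_point": RESTORE_MARKER.lower() in directory.lower(),
            "cleanup_tool": any(d.lower() in directory.lower() for d in CLEANUP_TOOL_DIRS),
        })
    return entries


def triage(entries):
    """Summarise what the scan did and which hits still need a human decision."""
    actions = Counter(e["action"] or "none (inside archive)" for e in entries)
    live = [e for e in entries
            if not e["in_restore_point"] and not e["cleanup_tool"]]
    return {
        "total": len(entries),
        "by_action": dict(actions),
        "by_family": dict(Counter(e["family"] for e in entries)),
        # Restore-point hits show the machine was infected earlier but are
        # inert unless that restore point is ever applied.
        "restore_point_hits": sum(1 for e in entries if e["in_restore_point"]),
        # Risk-tool hits on the helpers' own cleanup utilities.
        "cleanup_tool_hits": [e["path"] for e in entries if e["cleanup_tool"]],
        # Everything else was live on the system: cross-check these paths
        # against the autostart (O4) and ActiveX (O16) lines of the next
        # HijackThis log after the reboot.
        "live_hits": [(e["path"], e["detection"], e["action"]) for e in live],
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```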

#5 stupidus3r

stupidus3r
  • Topic Starter

  • Members
  • 3 posts

Posted 24 July 2007 - 01:05 PM

Here's the drweb-cureit log file:


RegUBP2b-Jason Harrison.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\Jason Harrison\Desktop\Installs\SmitfraudFix;Tool.Prockill;Moved.;
restart.exe;C:\Documents and Settings\Jason Harrison\Desktop\Installs\SmitfraudFix;Tool.ShutDown.11;Moved.;
pv.exe;C:\Documents and Settings\Jason Harrison\Desktop\smitRem;Program.PrcView.3741;Moved.;
(Part2) .wmv;C:\Documents and Settings\jason harrison2\Desktop\Drivef\Installs;Trojan.Isbar.389;Deleted.;
(part9).wmv;C:\Documents and Settings\jason harrison2\Desktop\Drivef\Installs;Trojan.Isbar.389;Deleted.;
MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;Moved.;
A0044663.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Trojan.StartPage.20245;Deleted.;
A0044679.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Trojan.StartPage.20245;Deleted.;
A0044689.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Trojan.DownLoader.28660;Deleted.;
A0044698.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Trojan.StartPage.20245;Deleted.;
A0044730.exe\data002;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128\A0044730.exe;Trojan.StartPage.20245;;
A0044730.exe;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Archive contains infected objects;Moved.;
A0044749.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP128;Trojan.StartPage.20245;Deleted.;
A0046943.dll;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP138;Trojan.DownLoader.28671;Deleted.;
A0047213.exe;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP139;Tool.Prockill;Moved.;
A0047215.exe;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP139;Tool.ShutDown.11;Moved.;
A0051158.reg;C:\System Volume Information\_restore{382F652B-2210-4BC5-9FEE-58D819B04A8F}\RP141;Trojan.StartPage.1505;Deleted.;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Moved.;

And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:45 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Zonelabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Ocucom\PreCast\tmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason Harrison\Desktop\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [Train Your Brain] C:\Program Files\Train Your Brain\TrainYourBrain.exe -minimized
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/C...22/ComCtl32.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1774cbcd76ecaf...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178180034906
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://www.legendofares.com/download/mgusamanagerv1001.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin...7207/MILive.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2/heavy...aploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe

--
End of file - 14954 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:02:12 PM

Posted 24 July 2007 - 03:34 PM

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

---------------------------------------------------------

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

---------------------------------------------------------

Your log is clean :thumbsup:
If all's OK, please do the following.

Find and delete:
Combofix.exe
SmitfraudFix

C:\!KillBox
C:\QOOBOX
C:\Documents and Settings\userprofile\DoctorWeb

---------------------------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

--------------------------------------------------------

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

--------------------------------------------------------

Enable Spybot S&D's protection.

--------------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
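A small triage helper for HijackThis log lines, added here as an example; it is not part of this thread, the HijackThis tool, or RichieUK's procedure. It flags the two kinds of entries the reply above picks out for 'Fix checked' (entries whose backing file is gone, and O16 DPF entries with no download URL left), and reports JRE install paths older than the 6u2 release the reply treats as current. The sample lines are constructed in the shape of the log posted above, not the full log.

```python
import re

# Constructed sample in the shape of the HijackThis log above (not the full log)
SAMPLE_LOG = """\
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: iPodService - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O9 - Extra button: ..."
JRE_RE = re.compile(r"jre1\.(\d+)\.0_(\d+)", re.I)  # "jre1.6.0_01" -> (6, 1)

def parse_entries(text):
    """Return (section, body) pairs for every 'Onn - ...' line in an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def orphaned_entries(text):
    """Entries whose target is gone, so an HJT 'Fix checked' removes only a dangling
    reference: O2/O9 entries marked '(no file)'/'(file missing)', and O16 DPF
    entries with nothing after the trailing ' -' (no download URL left)."""
    flagged = []
    for section, body in parse_entries(text):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            flagged.append((section, body, "file missing"))
        elif section == "O16" and body.endswith("-"):
            flagged.append((section, body, "no download URL"))
    return flagged

def outdated_jre_versions(text, current=(6, 2)):
    """(major, update) of every JRE install path in the log older than `current`
    (default 6u2, the release the reply above treats as current)."""
    found = {(int(major), int(update)) for major, update in JRE_RE.findall(text)}
    return sorted(v for v in found if v < current)

if __name__ == "__main__":
    for section, body, why in orphaned_entries(SAMPLE_LOG):
        print(f"[{why}] {section} - {body}")
    print("outdated JRE installs:", outdated_jre_versions(SAMPLE_LOG))
```

Point it at a saved log instead of SAMPLE_LOG to triage a full HijackThis file; an O16 entry with a description but no URL is still reported for review, since the reply above only fixed the one with neither.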



