
Hijackthis Log - Redirections From Google


6 replies to this topic

#1 bizzle2


Posted 22 July 2007 - 05:55 AM

Hi everyone, I have a Hijackthis log here... I have done so many spyware adware scans etc, but nothing seems to be able to pick out my redirections from google, happening about every other click from the results page to random websites and this spoof advertising website. I would be so grateful if anyone could help! Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:16 AM, on 22/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\gigabeat room 3.0\TosGbWatcher.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\DOWNLO~1\fdm.exe
C:\PROGRA~1\MICFE0~1\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.44.69.57:3129
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\Inline Search\InlineSearch.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Download Manager\iefdmcks.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\Toshiba\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: Find And Run Robot - SystemTray Trigger.lnk = C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Windows Live™ Messenger.lnk = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Download Manager\dlall.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICFE0~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICFE0~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICFE0~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168278964406
O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://www.vodafone.net/VoiceRecorder/SBCRP.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - http://my.ebay.co.uk/ws/eBayISAPI.dll?MyeBay&MyeBay=

--
End of file - 10446 bytes

Edited by bizzle2, 22 July 2007 - 09:22 AM.
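One line in the log above is worth checking before anything else: `R1 - HKCU\...\Internet Settings,ProxyServer = 194.44.69.57:3129`. If `ProxyEnable` is also set (HijackThis does not show it), every page request Internet Explorer makes goes through that host on a non-standard port, which is enough on its own to turn results-page clicks into landings on unrelated sites. The script below is an added example for this thread, not code from HijackThis or from anyone in it. It triages HijackThis 2.x lines for that proxy indicator and a few others present in this log (O6 policy restrictions, O20 Winlogon Notify DLLs, O23 services with no publisher string) and also flags any executable whose file name is within two edits of a core Windows binary. The sample lines are copied from the log above except for the last O4 line, which is constructed to exercise the lookalike check; the indicator list, the set of core binaries and the edit-distance threshold are this example's own heuristics, not HijackThis rules.

```python
"""Triage a HijackThis 2.x log for the entries that matter in a browser-redirect case.

Added example for this thread; not part of HijackThis. The indicator list and the
lookalike threshold are this example's own heuristics.
"""
import re
from typing import Dict, List, Optional

# Lines copied from the log posted above, plus one constructed O4 line (the last one,
# not in the posted log) that exercises the lookalike-name check.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.44.69.57:3129
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\system32\scvhost.exe
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
EXE_RE = re.compile(r"([\w~\-]+\.(?:exe|dll|sys))", re.IGNORECASE)

# Core Windows binaries whose names malware imitates (svchost.exe -> scvhost.exe etc.).
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; the inputs are file names, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(exe_name: str) -> Optional[str]:
    """Return the core binary that exe_name imitates, or None if it is exact or unrelated.

    A threshold of 2 catches a transposed pair (scvhost/svchost) or one added letter.
    """
    name = exe_name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for legit in sorted(SYSTEM_BINARIES):
        if levenshtein(name, legit) <= 2:
            return legit
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings, in log order, for the indicators worth checking first."""
    findings: List[Dict[str, str]] = []

    def add(code: str, detail: str, line: str) -> None:
        findings.append({"code": code, "detail": detail, "line": line})

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "R1" and "ProxyServer" in body:
            proxy = body.split("=", 1)[1].strip()
            add(code, f"IE proxy set to {proxy}; if ProxyEnable is on, every page "
                      "request goes through that host, which can rewrite or redirect it", raw)
        elif code == "O6":
            add(code, "IE policy restrictions present; these can hide the Internet "
                      "Options pages needed to remove a proxy", raw)
        elif code == "O20":
            add(code, "Winlogon Notify DLL loads at every logon; confirm the vendor", raw)
        elif code == "O23" and "Unknown owner" in body:
            add(code, "service binary carries no publisher string; check the file", raw)
        # Name check applies to every executable on the line, whatever the section.
        for exe in EXE_RE.findall(body):
            legit = lookalike(exe)
            if legit:
                add(code, f"{exe} imitates the core binary {legit}", raw)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f['code']:>4}  {f['detail']}\n      {f['line']}")
```

Run it over a full log with `triage(open("hijackthis.log").read())`. The O20 and O23 findings are "verify" items, not verdicts: SUPERAntiSpyware's Winlogon Notify DLL and the Windows Live installer service are both legitimate here, and the point of listing them is that a logon-time DLL or an unsigned service is where a persistence mechanism would hide if the proxy entry turns out not to be the whole story.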



#2 RichieUK

Malware Assassin, Malware Response Team

Posted 22 July 2007 - 09:37 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum bizzle2
My name is Richie and I'll be helping you to fix your problems.

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a fresh Hijackthis log please.

#3 bizzle2

Posted 22 July 2007 - 10:34 AM

Thanks Richie. here is the Fixwareout log, and I am doing the combofix now.

--------



Username "Jamie" - 2007-07-22 16:09:55 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdrsc.exe"

Could not flush the DNS Resolver Cache: Function failed during execution.
System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdrsc.ren 65991 10/08/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TosGbWatcher"="\"C:\\Program Files\\Toshiba\\gigabeat room 3.0\\TosGbWatcher.exe\""
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"MSF_Monitor"="C:\\PROGRA~1\\MYSECR~1\\MSFMON.exe /Start"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"BootSkin Startup Jobs"="\"C:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"CameraFixer"="C:\\WINDOWS\\CameraFixer.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"snp2std"="C:\\WINDOWS\\vsnp2std.exe"
"tsnp2std"="C:\\WINDOWS\\tsnp2std.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"TuneUp MemOptimizer"="\"C:\\Program Files\\TuneUp Utilities 2007\\MemOptimizer.exe\" autostart"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»
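The prerun check in the Fixwareout report above is the concrete finding in this thread so far: the `System` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` was set to `kdrsc.exe`. That value is empty on a clean XP install, and any program named there is started by winlogon.exe in the SYSTEM context during boot, which is why it is a favoured persistence point; the postrun check shows the value cleared and a renamed copy of the file at `C:\WINDOWS\Temp\kdrsc.ren`. The check below is an added example, not Fixwareout's code or anything posted in the thread. It reads the text of a `reg export` of the Winlogon key and compares the `Shell`, `Userinit` and `System` values to the XP defaults. The .reg text is constructed to reproduce the value Fixwareout reported, and the `Userinit` default assumes Windows is installed in C:\WINDOWS as on this machine.

```python
r"""Check the Winlogon values that boot-time malware rewrites, from a .reg export.

Added example for this thread; not Fixwareout's code. Export the live key with
    reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg
and pass the file's text to check_winlogon().
"""
import re
from typing import Dict, List

# XP defaults, lower-cased for comparison. "System" is empty on a clean install; any
# program named there is started by winlogon.exe in the SYSTEM context at boot.
# Userinit assumes %SystemRoot% = C:\WINDOWS, as on the machine in this thread.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"c:\windows\system32\userinit.exe,",
    "System": "",
}

# Constructed .reg text (not copied from the thread) reproducing Fixwareout's finding.
# reg export doubles backslashes and escapes quotes inside string values.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="kdrsc.exe"
"UIHost"="logonui.exe"
"""

# "Name"="string value" lines; the value may contain escaped quotes and backslashes.
VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_values(reg_text: str, key_suffix: str) -> Dict[str, str]:
    """Return the REG_SZ values of the first key whose path ends with key_suffix."""
    values: Dict[str, str] = {}
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            if values:  # the wanted key has been collected; stop at the next key
                break
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
            continue
        if not in_key:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, raw = m.groups()
            values[name] = raw.replace("\\\\", "\\").replace('\\"', '"')
    return values


def check_winlogon(reg_text: str) -> List[str]:
    """Return one message per Winlogon value that differs from the XP default."""
    values = parse_reg_values(reg_text, r"\CurrentVersion\Winlogon")
    problems: List[str] = []
    for name, default in WINLOGON_DEFAULTS.items():
        actual = values.get(name, default)  # a missing value counts as the default
        if actual.strip().lower() != default:
            problems.append(f'{name}="{actual}" (expected "{default}")')
    return problems


if __name__ == "__main__":
    for problem in check_winlogon(SAMPLE_REG_EXPORT) or ["Winlogon values are at defaults"]:
        print(problem)
```

The comparison is case-insensitive because the registry stores whatever case the installer wrote (`Explorer.exe` is normal), but it is deliberately strict about extra content: a `Shell` of `explorer.exe, something.exe` or a `Userinit` with a second comma-separated path is exactly the form these hijacks take, and both are reported.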

#4 bizzle2

Posted 22 July 2007 - 10:51 AM

Combofix log:




---

"Jamie" - 2007-07-22 16:35:15 - ComboFix 07-07-22.4 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-22 to 2007-07-22 )))))))))))))))))))))))))))))))


2007-07-22 16:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-22 16:09 11,571 --a--c--- C:\dnsbak.reg
2007-07-22 15:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-07-22 15:33 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-07-22 15:33 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\SiteAdvisor
2007-07-22 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-07-22 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-22 15:30 <DIR> d-------- C:\Program Files\AdIeFiltr
2007-07-22 01:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-22 00:51 <DIR> d-------- C:\Program Files\NoAd HOSTS file
2007-07-22 00:44 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\abelhadigital.com
2007-07-22 00:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\abelhadigital.com
2007-07-20 23:24 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-07-20 17:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-20 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-20 17:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-19 11:35 <DIR> d-------- C:\Program Files\MCEDev.com
2007-07-19 01:00 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-19 01:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-18 23:37 <DIR> d-------- C:\Program Files\Browser Hijack Recover
2007-07-18 15:23 <DIR> d-------- C:\WINDOWS\system32\quicktime
2007-07-18 15:23 <DIR> d-------- C:\Program Files\AVI Codec Pack
2007-07-18 15:19 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\DivX
2007-07-17 23:10 <DIR> d-------- C:\Program Files\Ghost Recon
2007-07-17 14:24 57,344 --a------ C:\WINDOWS\system32\CZDrv.dll
2007-07-17 14:24 <DIR> d-------- C:\WINDOWS\system32\Scripts
2007-07-17 11:43 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-07-17 11:43 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-17 11:43 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-07-17 11:43 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-07-17 11:43 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-17 11:43 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-17 11:43 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-17 11:43 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-17 11:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-17 11:40 <DIR> d----c--- C:\Downloads
2007-07-17 00:45 <DIR> d-------- C:\Program Files\Inline Search
2007-07-16 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-16 20:18 <DIR> d-------- C:\DOCUME~1\Jamie\Recorded TV
2007-07-16 20:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-16 20:11 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\SUPERAntiSpyware.com
2007-07-16 17:55 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-16 17:07 94,208 --a------ C:\WINDOWS\amcap.exe
2007-07-16 17:07 8,816,128 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-07-16 17:07 73,728 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-07-16 17:07 49,152 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-07-16 17:07 45,056 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-07-16 17:07 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-07-16 17:07 339,968 --a------ C:\WINDOWS\vsnp2std.exe
2007-07-16 17:07 24,576 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-07-16 17:07 20,480 --a------ C:\WINDOWS\usnp2std.exe
2007-07-16 17:07 106,496 --a------ C:\WINDOWS\tsnp2std.exe
2007-07-16 17:07 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-07-16 17:06 20,480 --------- C:\WINDOWS\CameraFixer.exe
2007-07-13 11:46 <DIR> d-------- C:\Program Files\Cimaware
2007-07-13 11:46 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\MAPILab Ltd
2007-07-13 11:45 <DIR> d-------- C:\Program Files\DS Development
2007-07-13 11:31 10,223,616 --a------ C:\DOCUME~1\Jamie\ntuser.dat
2007-07-12 23:57 <DIR> d-------- C:\Program Files\OfficeRecovery
2007-07-12 19:22 <DIR> d-------- C:\Program Files\XLS Regenerator
2007-07-12 19:18 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\Cimaware
2007-07-12 17:53 <DIR> d-------- C:\Program Files\ABC Amber Excel Converter
2007-07-11 12:48 <DIR> d-------- C:\DOCUME~1\Jamie\APPLIC~1\DS Development
2007-07-11 12:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DS Development
2007-07-11 00:59 676,224 --a------ C:\WINDOWS\system32\Copy (2) of OGACheckControl.DLL
2007-07-10 13:36 <DIR> d-------- C:\Program Files\DriverGenius
2007-07-10 12:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-07-10 12:17 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
2007-07-10 12:09 676,224 --a------ C:\WINDOWS\system32\Copy of OGACheckControl.DLL
2007-07-09 23:35 <DIR> d-------- C:\Program Files\Windows Live
2007-07-09 23:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-07-09 23:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-07-09 20:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-09 20:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 20:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 20:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-09 20:05 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 20:05 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 20:05 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 20:05 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-09 20:05 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 20:05 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-09 20:05 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 20:05 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-09 20:05 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-09 20:05 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-09 20:05 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-09 20:05 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 20:05 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-09 18:00 <DIR> d-ahs---- C:\WINDOWS\Repair
2007-07-09 17:57 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-07-09 00:23 <DIR> d-------- C:\Program Files\QK SMTP Server 3
2007-07-03 18:43 <DIR> d-------- C:\WINDOWS\lhsp
2007-07-03 18:42 <DIR> d-------- C:\Program Files\ZebSpeech 2.0.0
2007-07-03 18:36 <DIR> d-------- C:\WINDOWS\speech
2007-06-24 18:29 <DIR> d-------- C:\Program Files\GTA 3
2007-06-24 18:28 <DIR> d-------- C:\Program Files\Website
2007-06-24 18:28 <DIR> d-------- C:\Program Files\txd
2007-06-24 18:28 <DIR> d-------- C:\Program Files\TEXT
2007-06-24 18:28 <DIR> d-------- C:\Program Files\skins


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-22 15:10:14 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\Free Download Manager
2007-07-20 16:36:31 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 12:10:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-20 10:30:46 -------- d-----w C:\Program Files\Google
2007-07-18 23:28:30 -------- d-----w C:\Program Files\Real
2007-07-18 14:15:55 -------- d-----w C:\Program Files\DivX
2007-07-17 13:42:17 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-07-12 16:06:27 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2007-07-12 11:11:14 -------- d-----w C:\Program Files\LDC Driving Test 3-in-1
2007-07-10 23:01:59 -------- d-----w C:\Program Files\Alpha Prime
2007-07-10 22:51:57 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-07-10 14:17:42 -------- d-----w C:\Program Files\Microsoft Bootvis
2007-07-09 14:42:15 -------- d-----w C:\Program Files\LDC Driving Test eXtra 2006
2007-07-04 08:38:14 -------- d-----w C:\Program Files\AutoHotkey
2007-06-29 10:17:17 4 -c----w C:\DOCUME~1\Jamie\APPLIC~1\wklnhst.dat
2007-06-22 17:13:28 -------- d-----w C:\Program Files\DVDlabPro2
2007-06-20 17:17:05 -------- d-----w C:\Program Files\RegistryFix
2007-06-20 10:26:33 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-19 21:48:06 -------- d-----w C:\Program Files\FEAR
2007-06-19 18:01:58 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\DMCache
2007-06-18 07:45:35 -------- d-----w C:\Program Files\Common Files\Stardock
2007-06-17 13:27:31 -------- d-----w C:\Program Files\Stardock
2007-06-16 17:44:36 -------- d-----w C:\Program Files\T&L Emulator
2007-06-09 22:54:17 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\Viewpoint
2007-06-08 13:49:12 -------- d-----w C:\Program Files\Download Manager
2007-06-07 19:10:48 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe
2007-06-04 14:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 14:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 14:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 07:20:30 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-05-30 10:55:14 -------- d-----w C:\Program Files\Media Center Playlist Editor
2007-05-28 23:14:59 -------- d-----w C:\Program Files\Paint.NET
2007-05-28 22:39:26 -------- d-----w C:\Program Files\Messenger
2007-05-28 18:24:43 -------- d-----w C:\Program Files\Media Center Alarm Clock
2007-05-28 18:24:07 -------- d-----w C:\Program Files\MCEBrowser
2007-05-28 18:23:41 -------- d-----w C:\Program Files\mceWeather
2007-05-28 18:21:48 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\SoundSpectrum
2007-05-28 18:20:10 -------- d-----w C:\Program Files\SoundSpectrum
2007-05-28 18:18:46 -------- d-----w C:\Program Files\Photo Story 3 for Windows
2007-05-28 18:18:18 -------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-05-27 03:17:32 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.dll
2007-05-26 23:07:19 -------- d-----w C:\DOCUME~1\Jamie\APPLIC~1\Technology Lighthouse
2007-05-22 09:09:48 -------- d-----w C:\Program Files\Microsoft Silverlight
2007-05-17 17:24:01 249,856 ------w C:\WINDOWS\Setup1.exe
2007-05-17 17:24:00 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 16:03:37 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-05-05 17:47:47 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-05-02 17:48:22 557,056 ----a-w C:\WINDOWS\system32\AltST.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 11:50:36 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-22 12:43:55 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-04-22 12:43:55 114,688 ----a-w C:\WINDOWS\system32\ct_oal.dll
2007-04-19 15:28:04 784 -c----w C:\DOCUME~1\Jamie\APPLIC~1\mpauth.dat
2007-03-28 11:28:04 64,512 -c-h--w C:\DOCUME~1\Jamie\APPLIC~1\dach100.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-04-21 06:38]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-04-21 06:38]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TosGbWatcher"="C:\Program Files\Toshiba\gigabeat room 3.0\TosGbWatcher.exe" [2005-11-07 04:00]
"MSF_Monitor"="C:\PROGRA~1\MYSECR~1\MSFMON.exe" [2006-07-31 00:00]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 17:21]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 16:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)
"NoClose"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoInternetOpenWith"=1 (0x1)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoStartBanner"=00000000
"NoWelcomeScreen"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoThemesTab"=1 (0x1)
"ForceClassicControlPanel"=0 (0x0)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoInternetOpenWith"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL_Demo]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

achernar - System32\Drivers\Achernar.sys - Achernar - SCSI Command Filters
agpcpq - system32\DRIVERS\agpCPQ.sys - Compaq AGP Bus Filter
bootscreen - \SystemRoot\System32\drivers\vidstub.sys
btserial - \??\C:\WINDOWS\system32\drivers\btserial.sys - Bluetooth Serial Driver
btslbcsp - \??\C:\WINDOWS\system32\drivers\btslbcsp.sys - Bluetooth Port Client Driver
ehrecvr - C:\WINDOWS\eHome\ehRecvr.exe - Media Center Receiver Service
ehsched - C:\WINDOWS\eHome\ehSched.exe - Media Center Scheduler Service
iastor - SYSTEM32\DRIVERS\IASTOR.SYS
mcrdsvc - C:\WINDOWS\ehome\mcrdsvc.exe - Media Center Extender Service
msf32 - \??\C:\Program Files\MySecretFolder XP\MSF32.SYS - MSF32
sasdifsv - \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS - SASDIFSV
saskutil - \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL
sfdrv01 - System32\drivers\sfdrv01.sys - StarForce Protection Environment Driver (version 1.x)
sfhlp02 - System32\drivers\sfhlp02.sys - StarForce Protection Helper Driver (version 2.x)
sfvfs02 - System32\drivers\sfvfs02.sys - StarForce Protection VFS Driver (version 2.x)
spssys - system32\drivers\spssys.sys - Toshiba SPS Service
uxtuneup - %SystemRoot%\System32\svchost.exe -k netsvcs - TuneUp Design Expansion - %SystemRoot%\System32\uxtuneup.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2693D93A-D4F3-6D6E-0702-070000020707}
C:\WINDOWS\system32\scvhost.exe

Contents of the 'Scheduled Tasks' folder
2007-07-20 17:45:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-22 15:43:51 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-22 15:35:00 C:\WINDOWS\tasks\User_Feed_Synchronization-{1C4F82D9-1C85-40B9-8174-26887171F545}.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-22 16:40:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-22 16:45:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-22 16:45

--- E O F ---

---

And a new Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:00 PM, on 22/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\gigabeat room 3.0\TosGbWatcher.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\PROGRA~1\DOWNLO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.44.69.57:3129
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\Inline Search\InlineSearch.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Download Manager\iefdmcks.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\Toshiba\gigabeat room 3.0\TosGbWatcher.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: Find And Run Robot - SystemTray Trigger.lnk = C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Windows Live™ Messenger.lnk = C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Download Manager\dlall.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICFE0~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICFE0~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICFE0~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168278964406
O16 - DPF: {7C405D1B-4007-11D3-8B8E-00104B3E656F} (SBCRecorderPlayer Control) - https://www.vodafone.net/VoiceRecorder/SBCRP.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - http://my.ebay.co.uk/ws/eBayISAPI.dll?MyeBay&MyeBay=

--
End of file - 10294 bytes

Edited by bizzle2, 22 July 2007 - 10:53 AM.


#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:10 AM

Posted 22 July 2007 - 11:22 AM

If you're not aware of the following restrictions being set, fix them with HijackThis:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Your log is clean, how's your PC running now?
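As an added example (not part of the original thread or of HijackThis itself), a small Python parser for the `R#`/`O#` entry format used in the logs above. It pulls out the O6 policy restrictions RichieUK asks about and also flags an R1 `ProxyServer` value that points at a non-loopback, non-private address, which is worth confirming against software you knowingly installed, since an unexpected proxy is one way browser traffic gets redirected. The sample lines are copied from the log posted above; the function names are my own.

```python
import re
from ipaddress import ip_address

# Sample input: five entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 194.44.69.57:3129
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# A HijackThis entry is "<section> - <body>", e.g. "R1 - HKCU\...,ProxyServer = host:port".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return (section, body) tuples for every entry line; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def is_external_proxy(body):
    """True when the ProxyServer value names a host outside loopback/private space."""
    host = body.split("=")[-1].strip().split(":")[0]
    try:
        ip = ip_address(host)
    except ValueError:
        # Hostname rather than an IP literal: only 'localhost' is treated as local.
        return host.lower() != "localhost"
    return not (ip.is_loopback or ip.is_private)


def flag_entries(text):
    """Return ('proxy', value) and ('policy', body) notes for entries to review."""
    notes = []
    for sec, body in parse_entries(text):
        if sec == "R1" and "ProxyServer" in body and is_external_proxy(body):
            notes.append(("proxy", body.split("=")[-1].strip()))
        elif sec == "O6" and "Policies" in body:
            notes.append(("policy", body))
    return notes


if __name__ == "__main__":
    for kind, detail in flag_entries(SAMPLE_LOG):
        print(f"{kind:6} {detail}")
```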

#6 bizzle2

bizzle2
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 22 July 2007 - 11:42 AM

Richie, after testing several pages of Google search results, it appears my PC is now clean! Hopefully, it's gone for good. Thanks very much once again.

Edited by bizzle2, 22 July 2007 - 11:43 AM.


#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:10 AM

Posted 22 July 2007 - 03:17 PM

If all's OK, please do the following, find and delete:

Fixwareout
Combofix.exe

C:\QOOBOX
C:\Fixwareout

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

----------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html