
Progressively Worse Spontaneous Popups


This topic is locked
7 replies to this topic

#1 azdrmn5

azdrmn5

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:52 PM

Posted 24 July 2007 - 10:31 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:09:28 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Magicantispy\Magicantispy.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\bwctrwgx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\win4CA.tmp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ramo\LOCALS~1\Temp\Rar$EX01.011\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\vrotvbbc.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller AtiBthServ (AtiBthServ) - Unknown owner - C:\WINDOWS\system32\1041r.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:09:52 PM

Posted 25 July 2007 - 03:22 AM

Hi,

Please uninstall Magicantispy again and don't let it install the next time.

Then,
* Download Combofix to your desktop.
* Double-click combofix.exe
* Follow the prompts.
* Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 azdrmn5

azdrmn5
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:52 PM

Posted 25 July 2007 - 10:03 PM

Combo Fix log:

"Ramo" - 2007-07-25 20:58:42 [GMT -4:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqnkh.dll
C:\WINDOWS\system32\fassjuon.dll
C:\WINDOWS\system32\hkgycmir.dll
C:\WINDOWS\system32\iiihf.dll
C:\WINDOWS\system32\jkklife.dll
C:\WINDOWS\system32\nnnmjhg.dll
C:\WINDOWS\system32\oeqlfuji.dll
C:\WINDOWS\system32\tuvwtus.dll
C:\WINDOWS\system32\bwctrwgx.exe
C:\WINDOWS\system32\cxrpvuib.exe
C:\WINDOWS\system32\dtjsdbjp.exe
C:\WINDOWS\system32\ecbpjqkh.exe
C:\WINDOWS\system32\fpectmrm.exe
C:\WINDOWS\system32\fqriupwi.exe
C:\WINDOWS\system32\ipamdhyu.exe
C:\WINDOWS\system32\irnixthf.exe
C:\WINDOWS\system32\kmpeqgqv.exe
C:\WINDOWS\system32\kqeawshl.exe
C:\WINDOWS\system32\ljbepujc.exe
C:\WINDOWS\system32\mcxehwlr.exe
C:\WINDOWS\system32\pgbsaush.exe
C:\WINDOWS\system32\pwnqriom.exe
C:\WINDOWS\system32\ruxkcwvw.exe
C:\WINDOWS\system32\tsuboyaf.exe
C:\WINDOWS\system32\twrqvuhe.exe
C:\WINDOWS\system32\cmqoyaww.dll
C:\WINDOWS\system32\gxqcnian.dll
C:\WINDOWS\system32\hevqgmrv.dll
C:\WINDOWS\system32\htutufgi.dll
C:\WINDOWS\system32\oqhxmyjj.dll
C:\WINDOWS\system32\sefdodpy.dll
C:\WINDOWS\system32\jkklife.dll
C:\WINDOWS\system32\nnnmjhg.dll
C:\WINDOWS\system32\tuvwtus.dll
C:\WINDOWS\system32\winlxj32.dll
C:\WINDOWS\system32\fhiii.ini
C:\WINDOWS\system32\ijuflqeo.ini
C:\WINDOWS\system32\jlnpo.bak1
C:\WINDOWS\system32\jlnpo.bak2
C:\WINDOWS\system32\jlnpo.ini
C:\WINDOWS\system32\jlnpo.ini2
C:\WINDOWS\system32\jlnpo.tmp
C:\WINDOWS\system32\jlnpo.bak1
C:\WINDOWS\system32\jlnpo.bak2
C:\WINDOWS\system32\jlnpo.ini
C:\WINDOWS\system32\jlnpo.ini2
C:\WINDOWS\system32\jlnpo.tmp
C:\WINDOWS\system32\hggfdcc.dll
C:\WINDOWS\system32\opnlj.dll
C:\WINDOWS\system32\hggfdcc.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Ramo\APPLIC~1.\macromedia\Flash Player\#SharedObjects\Z8WLUZXG\www.broadcaster.com
C:\DOCUME~1\Ramo\APPLIC~1.\macromedia\Flash Player\#SharedObjects\Z8WLUZXG\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Ramo\APPLIC~1.\macromedia\Flash Player\#SharedObjects\Z8WLUZXG\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Ramo\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Ramo\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Ramo\APPLIC~1\Install.dat
C:\WINDOWS\crosof~1.net
C:\WINDOWS\system32\1041r.exe
C:\WINDOWS\system32\dbjlhqtq.exe
C:\WINDOWS\system32\gmwkvjya.exe
C:\WINDOWS\system32\gxtnvdqa.exe
C:\WINDOWS\system32\ikcnccii.exe
C:\WINDOWS\system32\jyvyvhfy.exe
C:\WINDOWS\system32\lubgshhd.exe
C:\WINDOWS\system32\tiaynkxe.exe
C:\WINDOWS\system32\wdslsdom.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ATIBTHSERV
-------\AtiBthServ


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-25 21:05 92,688 --a------ C:\WINDOWS\system32\cdacbfc.dll
2007-07-25 21:04 126,016 --a------ C:\WINDOWS\system32\actvucsd.dll
2007-07-25 21:02 31,254 --a------ C:\WINDOWS\system32\cbxywvs.dll
2007-07-25 21:01 66,112 --a------ C:\WINDOWS\system32\txyrigko.exe
2007-07-25 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 06:20 31,254 --a------ C:\WINDOWS\system32\rqrqrpp.dll
2007-07-24 21:44 31,254 --a------ C:\WINDOWS\system32\fccawvv.dll
2007-07-24 21:44 181 --ahs---- C:\WINDOWS\system32\1753479560.dat
2007-07-24 06:31 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-24 06:31 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-24 06:31 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-24 06:31 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-24 06:31 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-24 06:31 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-24 06:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-24 06:31 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\PC Tools
2007-07-06 23:34 <DIR> d-------- C:\Program Files\Total Video Converter
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\Sonic
2007-07-01 16:58 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-01 16:58 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-01 16:58 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-01 16:58 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-01 16:58 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-01 16:58 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-01 16:58 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-01 16:58 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-01 16:58 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-01 16:58 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-01 16:58 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-07-01 15:59 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-07-01 15:59 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\NCH Swift Sound
2007-07-01 13:52 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-01 13:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-06-28 23:08 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-27 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-26 20:38 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\dvdcss
2007-06-26 20:36 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\CyberLink


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 02:56:34 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Azureus
2007-07-01 18:06:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-25 03:19:27 1,567 ----a-w C:\WINDOWS\mozver.dat
2007-06-25 02:08:21 -------- d-----w C:\Program Files\Apple Software Update
2007-06-20 02:35:05 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Skype
2007-06-20 01:34:39 -------- d-----w C:\Program Files\Skype
2007-06-19 23:01:51 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\PCF-VLC
2007-06-19 01:07:10 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\WinRAR
2007-06-19 01:03:35 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Apple Computer
2007-06-16 19:19:52 -------- d-----w C:\Program Files\Azureus
2007-06-16 17:28:25 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Participatory Culture Foundation
2007-06-16 17:25:25 -------- d-----w C:\Program Files\Participatory Culture Foundation
2007-06-16 15:21:40 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\.ABC
2007-06-16 01:24:22 -------- d-----w C:\Program Files\Picasa2
2007-06-16 01:24:05 -------- d-----w C:\Program Files\Google
2007-06-16 01:23:03 -------- d-----w C:\Program Files\Common Files\Skype
2007-06-16 01:22:22 -------- d-----w C:\Program Files\DivX
2007-06-16 01:18:08 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\vlc
2007-06-16 01:17:40 -------- d-----w C:\Program Files\VideoLAN
2007-06-16 01:15:02 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\3M
2007-06-16 01:14:44 -------- d-----w C:\Program Files\3M
2007-06-16 01:14:33 -------- d-----w C:\Program Files\ABC
2007-06-16 01:14:14 -------- d-----w C:\Program Files\DVD Decrypter
2007-06-16 01:13:10 -------- d-----w C:\Program Files\DVD Shrink
2007-06-15 09:57:33 -------- d-----w C:\Program Files\Messenger
2007-06-15 03:21:35 -------- d-----w C:\Program Files\Lavasoft
2007-06-15 03:21:12 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-15 03:20:29 -------- d-----w C:\Program Files\Alwil Software
2007-06-15 03:01:00 -------- d-----w C:\Program Files\iTunes
2007-06-15 03:00:54 -------- d-----w C:\Program Files\iPod
2007-06-15 03:00:37 -------- d-----w C:\Program Files\QuickTime
2007-06-15 02:58:01 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-15 02:23:11 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Leadertech
2007-06-15 02:10:33 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-15 02:09:33 -------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-06-15 02:09:31 -------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-06-15 02:07:51 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-06-15 02:07:06 -------- d-----w C:\Program Files\Roxio
2007-06-15 02:04:52 -------- d-----w C:\Program Files\CyberLink
2007-06-15 01:41:16 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Intel
2007-06-15 01:41:10 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-15 01:40:19 -------- d-----w C:\Program Files\Intel
2007-06-15 01:39:15 -------- d-----w C:\Program Files\Broadcom
2007-06-15 01:37:28 -------- d-----w C:\Program Files\SigmaTel
2007-06-15 01:37:02 -------- d-----w C:\Program Files\ATI Technologies
2007-06-15 01:27:34 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-15 01:26:39 0 --sha-r C:\MSDOS.SYS
2007-06-15 01:26:39 0 --sha-r C:\IO.SYS
2007-06-15 01:26:39 0 ----a-w C:\CONFIG.SYS
2007-06-15 01:26:39 0 ----a-w C:\AUTOEXEC.BAT
2007-06-15 01:25:05 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-15 01:25:00 -------- d-----w C:\Program Files\Online Services
2007-06-15 01:24:06 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-15 01:23:54 -------- d-----w C:\Program Files\Movie Maker
2007-06-15 01:22:56 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-15 01:22:15 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-15 01:22:06 -------- d-----w C:\Program Files\Windows NT
2007-06-14 21:14:19 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-14 21:14:15 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Magicantispy"="C:\Program Files\Magicantispy\Magicantispy.exe" []

C:\Documents and Settings\Ramo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdacbfc]
C:\WINDOWS\system32\cdacbfc.dll 2007-07-25 21:05 92688 C:\WINDOWS\system32\cdacbfc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

R1 DLACDBHM;DLACDBHM;C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
R1 DLARTL_N;DLARTL_N;C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 DLABOIOM;DLABOIOM;C:\WINDOWS\system32\DLA\DLABOIOM.SYS
R2 DLADResN;DLADResN;C:\WINDOWS\system32\DLA\DLADResN.SYS
R2 DLAIFS_M;DLAIFS_M;C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
R2 DLAOPIOM;DLAOPIOM;C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
R2 DLAPoolM;DLAPoolM;C:\WINDOWS\system32\DLA\DLAPoolM.SYS
R2 DLAUDF_M;DLAUDF_M;C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
R2 DLAUDFAM;DLAUDFAM;C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
R2 DRVNDDM;DRVNDDM;C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
R3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
R3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S0 cercsr6;cercsr6;C:\WINDOWS\system32\drivers\cercsr6.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


Contents of the 'Scheduled Tasks' folder
2007-07-22 20:17:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 21:19:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 21:22:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 21:22

--- E O F ---

New HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:55:28 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ramo\LOCALS~1\Temp\Rar$EX00.025\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cdacbfc - C:\WINDOWS\system32\cdacbfc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:09:52 PM

Posted 26 July 2007 - 02:52 AM

Hello,

I see you uninstalled Avast in the meanwhile... Any reason? How are you supposed to prevent malware if you uninstall your antivirus again? Please reinstall it.

Then,

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\cdacbfc.dll
C:\WINDOWS\system32\actvucsd.dll
C:\WINDOWS\system32\cbxywvs.dll
C:\WINDOWS\system32\txyrigko.exe
C:\WINDOWS\system32\rqrqrpp.dll
C:\WINDOWS\system32\fccawvv.dll
C:\WINDOWS\system32\1753479560.dat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magicantispy"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdacbfc]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 azdrmn5

azdrmn5
  • Topic Starter

  • Members
  • 3 posts
  • Local time:03:52 PM

Posted 26 July 2007 - 09:54 PM

New ComboFix Log

"Ramo" - 2007-07-26 22:45:05 [GMT -4:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Ramo\Desktop\CFScript.rtf
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\txyrigko.exe


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-26 22:35 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-26 22:35 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-26 22:35 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-26 22:35 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-26 22:35 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-26 22:35 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-26 22:34 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-25 21:05 92,672 --a------ C:\WINDOWS\system32\cdacbfc.dll
2007-07-25 21:04 126,016 --a------ C:\WINDOWS\system32\actvucsd.dll
2007-07-25 21:02 31,254 --a------ C:\WINDOWS\system32\cbxywvs.dll
2007-07-25 20:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 06:20 31,254 --a------ C:\WINDOWS\system32\rqrqrpp.dll
2007-07-24 21:44 31,254 --a------ C:\WINDOWS\system32\fccawvv.dll
2007-07-24 21:44 181 --ahs---- C:\WINDOWS\system32\1753479560.dat
2007-07-24 06:31 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-24 06:31 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-24 06:31 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-24 06:31 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-24 06:31 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-24 06:31 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-24 06:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-24 06:31 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\PC Tools
2007-07-06 23:34 <DIR> d-------- C:\Program Files\Total Video Converter
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\Sonic
2007-07-01 16:58 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-07-01 16:58 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-07-01 16:58 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-07-01 16:58 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-07-01 16:58 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-07-01 16:58 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-07-01 16:58 306,688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-07-01 16:58 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-07-01 16:58 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-07-01 16:58 217,073 --a------ C:\WINDOWS\meta4.exe
2007-07-01 16:58 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-07-01 15:59 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-07-01 15:59 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\NCH Swift Sound
2007-07-01 13:52 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-01 13:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-06-28 23:08 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-27 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-26 20:38 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\dvdcss
2007-06-26 20:36 <DIR> d-------- C:\DOCUME~1\Ramo\APPLIC~1\CyberLink


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 02:56:34 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Azureus
2007-07-01 18:06:09 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-25 03:19:27 1,567 ----a-w C:\WINDOWS\mozver.dat
2007-06-25 02:08:21 -------- d-----w C:\Program Files\Apple Software Update
2007-06-20 02:35:05 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Skype
2007-06-20 01:34:39 -------- d-----w C:\Program Files\Skype
2007-06-19 23:01:51 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\PCF-VLC
2007-06-19 01:07:10 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\WinRAR
2007-06-19 01:03:35 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Apple Computer
2007-06-16 19:19:52 -------- d-----w C:\Program Files\Azureus
2007-06-16 17:28:25 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Participatory Culture Foundation
2007-06-16 17:25:25 -------- d-----w C:\Program Files\Participatory Culture Foundation
2007-06-16 15:21:40 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\.ABC
2007-06-16 01:24:22 -------- d-----w C:\Program Files\Picasa2
2007-06-16 01:24:05 -------- d-----w C:\Program Files\Google
2007-06-16 01:23:03 -------- d-----w C:\Program Files\Common Files\Skype
2007-06-16 01:22:22 -------- d-----w C:\Program Files\DivX
2007-06-16 01:18:08 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\vlc
2007-06-16 01:17:40 -------- d-----w C:\Program Files\VideoLAN
2007-06-16 01:15:02 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\3M
2007-06-16 01:14:44 -------- d-----w C:\Program Files\3M
2007-06-16 01:14:33 -------- d-----w C:\Program Files\ABC
2007-06-16 01:14:14 -------- d-----w C:\Program Files\DVD Decrypter
2007-06-16 01:13:10 -------- d-----w C:\Program Files\DVD Shrink
2007-06-15 09:57:33 -------- d-----w C:\Program Files\Messenger
2007-06-15 03:21:35 -------- d-----w C:\Program Files\Lavasoft
2007-06-15 03:21:12 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-15 03:20:29 -------- d-----w C:\Program Files\Alwil Software
2007-06-15 03:01:00 -------- d-----w C:\Program Files\iTunes
2007-06-15 03:00:54 -------- d-----w C:\Program Files\iPod
2007-06-15 03:00:37 -------- d-----w C:\Program Files\QuickTime
2007-06-15 02:58:01 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-15 02:23:11 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Leadertech
2007-06-15 02:10:33 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-15 02:09:33 -------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-06-15 02:09:31 -------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-06-15 02:07:51 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-06-15 02:07:06 -------- d-----w C:\Program Files\Roxio
2007-06-15 02:04:52 -------- d-----w C:\Program Files\CyberLink
2007-06-15 01:41:16 -------- d-----w C:\DOCUME~1\Ramo\APPLIC~1\Intel
2007-06-15 01:41:10 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-15 01:40:19 -------- d-----w C:\Program Files\Intel
2007-06-15 01:39:15 -------- d-----w C:\Program Files\Broadcom
2007-06-15 01:37:28 -------- d-----w C:\Program Files\SigmaTel
2007-06-15 01:37:02 -------- d-----w C:\Program Files\ATI Technologies
2007-06-15 01:27:34 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-15 01:26:39 0 --sha-r C:\MSDOS.SYS
2007-06-15 01:26:39 0 --sha-r C:\IO.SYS
2007-06-15 01:26:39 0 ----a-w C:\CONFIG.SYS
2007-06-15 01:26:39 0 ----a-w C:\AUTOEXEC.BAT
2007-06-15 01:25:05 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-15 01:25:00 -------- d-----w C:\Program Files\Online Services
2007-06-15 01:24:06 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-15 01:23:54 -------- d-----w C:\Program Files\Movie Maker
2007-06-15 01:22:56 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-15 01:22:15 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-15 01:22:06 -------- d-----w C:\Program Files\Windows NT
2007-06-14 21:14:19 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-14 21:14:15 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Magicantispy"="C:\Program Files\Magicantispy\Magicantispy.exe" []

C:\Documents and Settings\Ramo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdacbfc]
C:\WINDOWS\system32\cdacbfc.dll 2007-07-25 21:21 92672 C:\WINDOWS\system32\cdacbfc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

R1 DLACDBHM;DLACDBHM;C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
R1 DLARTL_N;DLARTL_N;C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 DLABOIOM;DLABOIOM;C:\WINDOWS\system32\DLA\DLABOIOM.SYS
R2 DLADResN;DLADResN;C:\WINDOWS\system32\DLA\DLADResN.SYS
R2 DLAIFS_M;DLAIFS_M;C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
R2 DLAOPIOM;DLAOPIOM;C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
R2 DLAPoolM;DLAPoolM;C:\WINDOWS\system32\DLA\DLAPoolM.SYS
R2 DLAUDF_M;DLAUDF_M;C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
R2 DLAUDFAM;DLAUDFAM;C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
R2 DRVNDDM;DRVNDDM;C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
R3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys
R3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S0 cercsr6;cercsr6;C:\WINDOWS\system32\drivers\cercsr6.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER

Contents of the 'Scheduled Tasks' folder
2007-07-22 20:17:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 22:47:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 22:48:14
C:\ComboFix-quarantined-files.txt ... 2007-07-26 22:48
C:\ComboFix2.txt ... 2007-07-25 21:22

--- E O F ---

New HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 10:51:35 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Ramo\LOCALS~1\Temp\Rar$EX00.774\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magicantispy] C:\Program Files\Magicantispy\Magicantispy.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cdacbfc - C:\WINDOWS\system32\cdacbfc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:09:52 PM

Posted 27 July 2007 - 03:38 AM

Hi,

Command switches used :: C:\Documents and Settings\Ramo\Desktop\CFScript.rtf


This is what I asked previously:

* Open notepad - don't use any other text editor than notepad or the script will fail.

And that's why it also failed, because you were using Word instead of notepad.
So please perform my instructions again with CFScript and then post the logs in your next reply.
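
The CFScript format from post #4 (a File:: section of paths and a Registry:: section where "name"=- deletes a value and [-KEY] deletes a whole key) and the Word/RTF failure mode from post #6, worked through as an added Python example; this is not ComboFix's or the helper's code. The parser, the `looks_like_rtf` check and `files_not_deleted` are hypothetical helpers written here; the script text is the one posted above, the RTF wrapper is a constructed stand-in for what Word writes, and the single 'Other Deletions' path comes from the second ComboFix log.

```python
# Added example (not ComboFix's or the helper's code): a small parser for the
# CFScript format used above (File:: and Registry:: sections), plus the two
# checks a helper would want: was the file saved as RTF by Word, and which
# listed files does the ComboFix log NOT report as deleted.
import re
from dataclasses import dataclass, field


@dataclass
class CFScript:
    files: list = field(default_factory=list)          # File:: paths to delete
    delete_keys: list = field(default_factory=list)    # [-KEY] whole keys to delete
    delete_values: list = field(default_factory=list)  # (key, name) from "name"=-


def looks_like_rtf(text: str) -> bool:
    """Word's 'Rich Text' save starts with an RTF header instead of plain text."""
    return text.lstrip().startswith("{\\rtf")


def parse_cfscript(text: str) -> CFScript:
    """Parse the File:: and Registry:: sections; reject anything not plain text."""
    if looks_like_rtf(text):
        raise ValueError("script is RTF (saved from Word) - ComboFix needs plain text")
    script, section, current_key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):               # section header such as File:: or Registry::
            section, current_key = line[:-2], None
            continue
        if section == "File":
            script.files.append(line)
        elif section == "Registry":
            key = re.fullmatch(r"\[(-?)(.+)\]", line)
            if key:                            # [KEY] selects a key, [-KEY] deletes it
                if key.group(1) == "-":
                    script.delete_keys.append(key.group(2))
                else:
                    current_key = key.group(2)
                continue
            value = re.fullmatch(r'"(.+?)"=-', line)   # "name"=- deletes one value
            if value and current_key:
                script.delete_values.append((current_key, value.group(1)))
            else:
                raise ValueError(f"unsupported Registry:: line: {line}")
        else:
            raise ValueError(f"line outside a known section: {line}")
    return script


def files_not_deleted(script: CFScript, deleted_paths) -> list:
    """Compare File:: entries against the 'Other Deletions' paths a ComboFix
    log reports; Windows paths compare case-insensitively."""
    deleted = {p.lower() for p in deleted_paths}
    return [p for p in script.files if p.lower() not in deleted]


# The CFScript posted in the thread, as plain text.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\system32\cdacbfc.dll
C:\WINDOWS\system32\actvucsd.dll
C:\WINDOWS\system32\cbxywvs.dll
C:\WINDOWS\system32\txyrigko.exe
C:\WINDOWS\system32\rqrqrpp.dll
C:\WINDOWS\system32\fccawvv.dll
C:\WINDOWS\system32\1753479560.dat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magicantispy"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdacbfc]
"""

# Constructed: roughly what the same text looks like after Word saves it as .rtf.
RTF_SAMPLE = r"{\rtf1\ansi\deff0{\fonttbl{\f0 Courier;}}\f0 File::\par C:\\WINDOWS\\system32\\cdacbfc.dll\par }"

# The only path the second ComboFix log above lists under 'Other Deletions'.
LOG_DELETIONS = [r"C:\WINDOWS\system32\txyrigko.exe"]

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    print(f"{len(parsed.files)} files, {len(parsed.delete_keys)} keys, "
          f"{len(parsed.delete_values)} values to remove")
    print("listed but not reported deleted:", files_not_deleted(parsed, LOG_DELETIONS))
    try:
        parse_cfscript(RTF_SAMPLE)
    except ValueError as err:
        print("rejected:", err)
```

Run against the thread's own log, the comparison shows six of the seven listed files (cdacbfc.dll among them) unaccounted for, which matches the Winlogon Notify entry still appearing in the follow-up HijackThis log.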

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:09:52 PM

Posted 04 August 2007 - 04:28 AM

Still with us?

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:09:52 PM

Posted 16 August 2007 - 01:03 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



