Have Something And Don't Know What It Is

3 replies to this topic

#1 chattytim

chattytim

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:38 AM

Posted 25 July 2007 - 06:15 PM

I have tried to clean my computer several times but have not been successful.
I get this message every time I open an application, from Panda:
adware/ilookup
c:\program files\common files\svchost.exe

No matter what I do I can not get rid of this thing. As a side effect, when Panda scans it flags a lot of files as suspicious. Almost all of them are exe programs like Ventrilo, notepad, etc. It has also wrecked my uninstaller; I can't uninstall most programs now. And, as a side note, I can't run the Windows Vista patch 2 update; it crashes every time.

Logfile of HijackThis v1.99.1
Scan saved at 7:01:33 PM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\mksauth.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
C:\Program Files\MKS Toolkit\bin\secshd.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\TimH\MYDOCU~1\MY_PIC~1\WALLPA~1\WALLPA~1.EXE
C:\WINDOWS\System32\telnetd.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\stinger.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {493C455E-83B2-D861-CC08-DF98BC16F3CD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\BellSouthBrowser.exe" /hidden
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [TPSRV9x] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WallPaper] C:\DOCUME~1\TimH\MYDOCU~1\MY_PIC~1\WALLPA~1\WALLPA~1.EXE /h
O4 - Startup: Start Changing Now ....lnk = C:\Documents and Settings\TimH\My Documents\MY_PICTURES\WALLPAPER\WALLPAPER.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: http://www.thottbot.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185050768953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185050755468
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned40.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.n....0_SILENT_2.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.premiumzone.de/InstallationsAssistent.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: vtutt - C:\WINDOWS\System32\vtutt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winyyq32 - winyyq32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CMMON32 System Application (CMMON32 SysApp) - Unknown owner - C:\Windows\cmmon.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\System32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\MKS Toolkit\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\System32\telnetd.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


I will take any help you can give me
Thanks
Chattytim
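A HijackThis log like the one above is read by hand in this forum, but the same triage rules can be written down. The following is an added example, not code from the original post or from the HijackThis tool: it scans a handful of lines copied from the log above (constructed sample, embedded inline) and flags the entry types an analyst looks at first. The rules themselves (orphaned "file missing" entries, Winlogon Notify DLLs, autostarts from a user-profile path, services with an unknown owner, a remote-access listener such as telnetd, and IE Trusted Zone sites) are the reviewer's own heuristics and are an assumption about what deserves a second look, not a verdict that an entry is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WallPaper] C:\DOCUME~1\TimH\MYDOCU~1\MY_PIC~1\WALLPA~1\WALLPA~1.EXE /h
O4 - Startup: Start Changing Now ....lnk = C:\Documents and Settings\TimH\My Documents\MY_PICTURES\WALLPAPER\WALLPAPER.EXE
O15 - Trusted Zone: http://www.thottbot.com
O20 - Winlogon Notify: vtutt - C:\WINDOWS\System32\vtutt.dll (file missing)
O20 - Winlogon Notify: winyyq32 - winyyq32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CMMON32 System Application (CMMON32 SysApp) - Unknown owner - C:\Windows\cmmon.exe (file missing)
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\System32\telnetd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "Onn - body" prefix used by every HijackThis entry line.
ENTRY_RE = re.compile(r"([ORF]\d+)\s+-\s+(.*)")
# First Windows path in the entry, up to a binary extension (handles spaces and 8.3 names).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)
# Autostart targets living under a user profile (long or 8.3 form).
USER_PROFILE_RE = re.compile(r"\\(documents and settings|docume~1)\\", re.IGNORECASE)
# Analyst watchlist of remote-access listeners (assumption, extend as needed).
REMOTE_ACCESS_BINARIES = {"telnetd.exe"}


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def _target_path(body: str) -> str:
    m = PATH_RE.search(body)
    return m.group(0) if m else ""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (entry, rule) hit; an entry may trigger several rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        path = _target_path(body)
        basename = path.lower().rsplit("\\", 1)[-1] if path else ""

        if "(file missing)" in body:
            findings.append(Finding(section, line,
                "orphaned entry: registry points at a file that no longer exists"))
        if section == "O20":
            findings.append(Finding(section, line,
                "Winlogon Notify DLL loads into winlogon.exe at logon; verify the publisher"))
        if section == "O4" and path and USER_PROFILE_RE.search(path):
            findings.append(Finding(section, line,
                "autostart from a user-writable profile path"))
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, line,
                "service with no publisher information"))
        if section == "O23" and basename in REMOTE_ACCESS_BINARIES:
            findings.append(Finding(section, line,
                "remote-access listener installed as a service"))
        if section == "O15":
            findings.append(Finding(section, line,
                "site in the IE Trusted Zone runs with relaxed security settings"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Entries from well-known vendors (ZoneAlarm's zlclient.exe and vsmon.exe in the sample) produce no finding; the Webroot WRNotifier DLL is listed only because every Winlogon Notify entry is worth a publisher check, not because it is suspect.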


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:08:38 AM

Posted 26 July 2007 - 09:20 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, chattytim.
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

-------------------------------------------

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

-------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a fresh HijackThis log please.

#3 chattytim

chattytim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:38 AM

Posted 17 August 2007 - 08:13 AM

Thank you for your help.

It took several tries to get all 3 of the above applications to finish. Here are the results. Please let me know the next steps if you see stuff that still has not come off. Should I attempt to download and install the XP SP2 patch? I was not able to run and install it before due to all the errors.

And thank you again for your help.


SDFix: Version 1.98

Run by TimH on Fri 08/17/2007 at 08:00 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\LXSUPM~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSMAPI32.EXE - Deleted
C:\WINDOWS\SYSTEM32\INTR32.DLL - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\TimH\Local Settings\Application Data\Microsoft\Messenger\chatty_tim@hotmail.com\Sharing Folders\dawnandchance@hotmail.com\Thumbs.db
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\657A50EDF2.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\Guest\Application Data\Microsoft\Office\Shortcut Bar\Off1E3.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Acc6h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Acc6s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\AccE3.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\AccE3h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\AccE3s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des10h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des10s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des12h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des12s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des15h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des15s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des16.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des16h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des16s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des2h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des2s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des3C2Bh.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des3C2Bs.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des3h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des3s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des4h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des4s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des5h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des5s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des6h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Des6s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\DesE4h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\DesE4s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Fav4h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Fav4s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Off1h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Off1s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Off4.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Off4h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Off4s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro21.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro21h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro21s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro5h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro5s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro7h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Pro7s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Qui2h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\Qui2s.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\QuiE5.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\QuiE5h.tmp
C:\Documents and Settings\Kids\Application Data\Microsoft\Office\Shortcut Bar\QuiE5s.tmp
C:\Documents and Settings\TimH\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp
C:\Documents and Settings\TimH\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\TimH\Application Data\Microsoft\Word\~WRL1214.tmp
C:\Documents and Settings\TimH\Application Data\Microsoft\Word\~WRL1404.tmp
C:\Documents and Settings\TimH\Application Data\Microsoft\Word\~WRL2108.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished


ComboFix 07-08-15.3 - "TimH" 2007-08-17 8:29:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.565 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-16 21:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 18:36 <DIR> d-------- C:\VundoFix Backups
2007-08-15 20:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-21 17:13 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-21 16:53 32,512 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-21 16:53 29,952 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-07-21 16:53 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-07-21 16:52 996,352 --a------ C:\WINDOWS\explorer.exe
2007-07-21 16:52 996,352 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-07-21 16:52 995,328 --------- C:\WINDOWS\system32\dllcache\conf.exe
2007-07-21 16:52 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-07-21 16:52 991,232 --------- C:\WINDOWS\system32\dllcache\esent.dll
2007-07-21 16:52 99,840 --a------ C:\WINDOWS\system32\iexpress.exe
2007-07-21 16:52 99,840 --------- C:\WINDOWS\system32\dllcache\iexpress.exe
2007-07-21 16:52 99,328 --a------ C:\WINDOWS\system32\dllcache\imekrcic.dll
2007-07-21 16:52 99,328 --------- C:\WINDOWS\system32\dllcache\setupqry.dll
2007-07-21 16:52 99,328 --------- C:\WINDOWS\system32\dllcache\dfrgntfs.exe
2007-07-21 16:52 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-07-21 16:52 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-07-21 16:52 98,816 --------- C:\WINDOWS\system32\dllcache\migload.exe
2007-07-21 16:52 98,816 --------- C:\WINDOWS\system32\dllcache\dmstyle.dll
2007-07-21 16:52 98,816 --------- C:\WINDOWS\system32\dllcache\clipbrd.exe
2007-07-21 16:52 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll
2007-07-21 16:52 98,304 --------- C:\WINDOWS\system32\dllcache\actxprxy.dll
2007-07-21 16:52 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-07-21 16:52 974,848 --------- C:\WINDOWS\system32\dllcache\dxdiag.exe
2007-07-21 16:52 96,256 --a------ C:\WINDOWS\system32\evntagnt.dll
2007-07-21 16:52 96,256 --------- C:\WINDOWS\system32\dllcache\wmiutils.dll
2007-07-21 16:52 96,256 --------- C:\WINDOWS\system32\dllcache\evntagnt.dll
2007-07-21 16:52 95,232 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-07-21 16:52 95,232 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2007-07-21 16:52 94,208 --------- C:\WINDOWS\system32\dllcache\pchshell.dll
2007-07-21 16:52 94,208 --------- C:\WINDOWS\system32\dllcache\fpencode.dll
2007-07-21 16:52 93,184 --------- C:\WINDOWS\system32\dllcache\oeimport.dll
2007-07-21 16:52 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2007-07-21 16:52 92,160 --------- C:\WINDOWS\system32\dllcache\cscdll.dll
2007-07-21 16:52 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2007-07-21 16:52 91,648 --------- C:\WINDOWS\system32\dllcache\ahui.exe
2007-07-21 16:52 91,136 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-07-21 16:52 91,136 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-07-21 16:52 90,112 --------- C:\WINDOWS\system32\dllcache\msjro.dll
2007-07-21 16:52 9,728 --a------ C:\WINDOWS\system32\gpkrsrc.dll
2007-07-21 16:52 9,728 --------- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-07-21 16:52 9,728 --------- C:\WINDOWS\system32\dllcache\gpkrsrc.dll
2007-07-21 16:52 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-07-21 16:52 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2007-07-21 16:52 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2007-07-21 16:52 9,216 --------- C:\WINDOWS\system32\dllcache\wuauserv.dll
2007-07-21 16:52 9,216 --------- C:\WINDOWS\system32\dllcache\icaapi.dll
2007-07-21 16:52 9,216 --------- C:\WINDOWS\system32\dllcache\dumprep.exe
2007-07-21 16:52 872,557 --------- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-07-21 16:52 866,016 --------- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2007-07-21 16:52 86,074 --a------ C:\WINDOWS\system32\dllcache\voicesub.dll
2007-07-21 16:52 86,016 --------- C:\WINDOWS\system32\dllcache\msdatl3.dll
2007-07-21 16:52 851,456 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-21 16:52 85,504 --------- C:\WINDOWS\system32\dllcache\catsrvps.dll
2007-07-21 16:52 85,504 --------- C:\WINDOWS\system32\catsrvps.dll
2007-07-21 16:52 84,992 --a------ C:\WINDOWS\system32\evntwin.exe
2007-07-21 16:52 84,992 --a------ C:\WINDOWS\system32\dskquota.dll
2007-07-21 16:52 84,992 --------- C:\WINDOWS\system32\dllcache\evntwin.exe
2007-07-21 16:52 84,992 --------- C:\WINDOWS\system32\dllcache\dskquota.dll
2007-07-21 16:52 827,438 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2007-07-21 16:52 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-07-21 16:52 82,432 --------- C:\WINDOWS\system32\dllcache\wmiaprpl.dll
2007-07-21 16:52 82,432 --------- C:\WINDOWS\system32\dllcache\fldrclnr.dll
2007-07-21 16:52 82,035 --------- C:\WINDOWS\system32\dllcache\fp4anscp.dll
2007-07-21 16:52 81,977 --a------ C:\WINDOWS\system32\dllcache\imjpdct.dll
2007-07-21 16:52 81,408 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2007-07-21 16:52 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-07-21 16:52 80,896 --------- C:\WINDOWS\system32\dllcache\stdprov.dll
2007-07-21 16:52 80,896 --------- C:\WINDOWS\system32\dllcache\dpvsetup.exe
2007-07-21 16:52 80,384 --a------ C:\WINDOWS\system32\dllcache\imekrmbx.dll
2007-07-21 16:52 80,384 --a------ C:\WINDOWS\system32\cabview.dll
2007-07-21 16:52 80,384 --------- C:\WINDOWS\system32\dllcache\cabview.dll
2007-07-21 16:52 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2007-07-21 16:52 8,832 --------- C:\WINDOWS\system32\dllcache\framebuf.dll
2007-07-21 16:52 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll
2007-07-21 16:52 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-07-21 16:52 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2007-07-21 16:52 8,192 --------- C:\WINDOWS\system32\dllcache\igmpagnt.dll
2007-07-21 16:52 8,192 --------- C:\WINDOWS\system32\dllcache\d3d8thk.dll
2007-07-21 16:52 8,192 --------- C:\WINDOWS\system32\dllcache\comrepl.exe
2007-07-21 16:52 8,192 --------- C:\WINDOWS\system32\dllcache\autolfn.exe
2007-07-21 16:52 798,782 --------- C:\WINDOWS\system32\dllcache\srchui.dll
2007-07-21 16:52 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-07-21 16:52 797,184 --------- C:\WINDOWS\system32\dllcache\d3dim700.dll
2007-07-21 16:52 792,064 --a------ C:\WINDOWS\system32\comres.dll
2007-07-21 16:52 792,064 --------- C:\WINDOWS\system32\dllcache\comres.dll
2007-07-21 16:52 79,872 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2007-07-21 16:52 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-07-21 16:52 79,360 --a------ C:\WINDOWS\system32\diantz.exe
2007-07-21 16:52 79,360 --------- C:\WINDOWS\system32\dllcache\dpwsockx.dll
2007-07-21 16:52 79,360 --------- C:\WINDOWS\system32\dllcache\diantz.exe
2007-07-21 16:52 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-07-21 16:52 77,824 --a------ C:\WINDOWS\system32\asycfilt.dll
2007-07-21 16:52 77,824 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-07-21 16:52 77,824 --------- C:\WINDOWS\system32\dllcache\nmchat.dll
2007-07-21 16:52 77,824 --------- C:\WINDOWS\system32\dllcache\icwconn2.exe
2007-07-21 16:52 77,824 --------- C:\WINDOWS\system32\dllcache\dpmodemx.dll
2007-07-21 16:52 77,824 --------- C:\WINDOWS\system32\dllcache\asycfilt.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-15 15:59 --------- d-------- C:\Program Files\World of Warcraft
2007-07-24 22:55 --------- d-------- C:\Program Files\Ventrilo
2007-07-21 17:08 --------- d-------- C:\Program Files\Windows NT
2007-07-21 17:08 --------- d-------- C:\Program Files\Movie Maker
2007-07-21 17:05 --------- d-------- C:\Program Files\Messenger
2007-07-06 10:09 --------- d-------- C:\Program Files\Common Files\Motive
2007-07-05 19:46 --------- d-------- C:\Program Files\Winamp
2007-07-05 19:44 --------- d-------- C:\Program Files\Toolkit for Developers Installer
2007-07-05 19:43 --------- d-------- C:\Program Files\Spyware Doctor
2007-07-05 19:42 --------- d-------- C:\Program Files\MSN Messenger
2003-11-29 15:13 1244 --a------ C:\Program Files\INSTALL.LOG
2003-06-03 16:49 448256 --a------ C:\WINDOWS\inf\EL2K_N64.sys
2003-06-03 16:48 147328 --a------ C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 16:47 147328 --a------ C:\WINDOWS\inf\EL2K_2K.sys
2005-10-16 17:08:42 56 --sh--r C:\WINDOWS\system32\657A50EDF2.sys
2005-10-16 17:08:44 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{493C455E-83B2-D861-CC08-DF98BC16F3CD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NuTCSetupEnviron"="C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe" [2002-02-07 19:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-03-21 21:57]
"Nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-19 13:26]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-19 13:26]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"WallPaper"="C:\DOCUME~1\TimH\MYDOCU~1\MY_PIC~1\WALLPA~1\WALLPA~1.exe" [2001-06-10 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"TPSRV9x"="C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=
"Beet"="C:\WINDOWS\System32\SKS~1\rundll32.exe" -vt ndrv
"<NO NAME>"=

C:\Documents and Settings\TimH\Start Menu\Programs\Startup\
Start Changing Now ....lnk - C:\DOCUME~1\TimH\My Documents\MY_PICTURES\WALLPAPER\WALLPAPER.EXE [2003-11-23 16:54:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= (value not set) [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 13:13 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt]
C:\WINDOWS\System32\vtutt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winyyq32]
winyyq32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\drivers\ShldDrv.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver;\??\C:\WINDOWS\System32\Drivers\CVPNDRVA.sys
R2 MKSAUTH;MKSAUTH;C:\WINDOWS\System32\mksauth.exe
R2 MKSSecureSH;MKS Secure Shell Service;C:\Program Files\MKS Toolkit\bin\secshd.exe
R2 MKSTelnetd;MKS Telnetd;C:\WINDOWS\System32\telnetd.exe
R2 NuTCRACKERService;NuTCRACKER Service;C:\WINDOWS\System32\nutsrv4.exe
R2 PAVDRV;pavdrv;C:\WINDOWS\System32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\System32\DRIVERS\PavProc.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R2 tcaicchg;tcaicchg;\??\C:\WINDOWS\System32\tcaicchg.sys
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\System32\DRIVERS\TCAITDI.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\System32\drivers\bcgame.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\System32\DRIVERS\dne2000.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\System32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys
S2 CMMON32 SysApp;CMMON32 System Application;C:\Windows\cmmon.exe
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\System32\DRIVERS\CVirtA.sys
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\System32\PavTPK.sys


Contents of the 'Scheduled Tasks' folder
2007-08-15 16:20:51 C:\WINDOWS\Tasks\wrSpySweeper_5718088F27FA4C4B943CECF5FCC04C7D.job - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
2007-08-15 11:20:17 C:\WINDOWS\Tasks\wrSpySweeper_C8E68799F87E495EBC5BAB386A69187E.job - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 08:35:19
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 8:36:57
C:\ComboFix-quarantined-files.txt ... 2007-08-17 08:36
C:\ComboFix2.txt ... 2007-08-16 21:29

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 8:50:53 AM, on 8/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\mksauth.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\MKS Toolkit\bin\secshd.exe
C:\WINDOWS\System32\telnetd.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\apvxdwin.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\TimH\MYDOCU~1\MY_PIC~1\WALLPA~1\WALLPA~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {493C455E-83B2-D861-CC08-DF98BC16F3CD} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [TPSRV9x] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WallPaper] C:\DOCUME~1\TimH\MYDOCU~1\MY_PIC~1\WALLPA~1\WALLPA~1.EXE /h
O4 - Startup: Start Changing Now ....lnk = C:\Documents and Settings\TimH\My Documents\MY_PICTURES\WALLPAPER\WALLPAPER.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: http://www.thottbot.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185050768953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185050755468
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned40.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.n....0_SILENT_2.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.premiumzone.de/InstallationsAssistent.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: vtutt - C:\WINDOWS\System32\vtutt.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winyyq32 - winyyq32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CMMON32 System Application (CMMON32 SysApp) - Unknown owner - C:\Windows\cmmon.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MKSAUTH - Mortice Kern Systems Inc. - C:\WINDOWS\System32\mksauth.exe
O23 - Service: MKS Secure Shell Service (MKSSecureSH) - DataFocus, Inc. - C:\Program Files\MKS Toolkit\bin\secshd.exe
O23 - Service: MKS Telnetd (MKSTelnetd) - DataFocus, Inc. - C:\WINDOWS\System32\telnetd.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 22 August 2007 - 08:09 AM

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.
Then double-click on the fix.bat file on your desktop.
You'll see a black screen flash; that's normal.

@echo off
rem The service's short name contains a space, so it must be quoted for sc.exe
sc stop "CMMON32 SysApp"
sc delete "CMMON32 SysApp"

Restart your pc.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download and install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and Windows Explorer windows are closed before fixing:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {493C455E-83B2-D861-CC08-DF98BC16F3CD} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: http://www.thottbot.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs1b.instantservice.com/jars...erxsigned34.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d/www.n....0_SILENT_2.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...stx/install.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.premiumzone.de/InstallationsAssistent.ocx
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: vtutt - C:\WINDOWS\System32\vtutt.dll (file missing)
O20 - Winlogon Notify: winyyq32 - winyyq32.dll (file missing)

Exit HijackThis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.
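As an added example that is not part of this thread or of HijackThis, the script below applies the triage rules RichieUK's fix list follows to HijackThis log lines: entries marked (file missing) or (no file) are orphans and safe to remove, Winlogon Notify DLLs given without a full path or loaded from outside System32 are suspect, services with 'Unknown owner' whose binary sits outside Program Files or System32 are suspect, and Trusted Zone entries are flagged for review. The sample lines are copied from the log above, plus two constructed entries (sample.dll and SampleSvc) that exist only to exercise the 'suspicious' rules; the System32 and Program Files locations are assumptions for this XP machine.

```python
"""Triage HijackThis log lines with the rules a malware-removal helper applies.

Added example; not code from HijackThis or from the original post.  The rules
and the directory locations below are assumptions for the XP machine in the log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed system locations (lower-case, trailing backslash) for this XP box.
SYSTEM32 = "c:\\windows\\system32\\"
PROGRAM_FILES = "c:\\program files\\"
# HijackThis marks an entry whose target no longer exists with one of these.
MISSING_MARKERS = ("(file missing)", "(no file)")

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<short>[^)]*)\) - (?P<owner>.*?) - (?P<path>.*)$"
)

# Lines 1-9 are copied from the HijackThis log above; the last two are
# constructed only to exercise the "suspicious" rules.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {493C455E-83B2-D861-CC08-DF98BC16F3CD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: http://www.thottbot.com
O20 - Winlogon Notify: vtutt - C:\WINDOWS\System32\vtutt.dll (file missing)
O20 - Winlogon Notify: winyyq32 - winyyq32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CMMON32 System Application (CMMON32 SysApp) - Unknown owner - C:\Windows\cmmon.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O20 - Winlogon Notify: sample - sample.dll
O23 - Service: Sample Service (SampleSvc) - Unknown owner - C:\WINDOWS\sample.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    verdict: str   # "orphan", "suspicious" or "review"
    reason: str
    line: str


def _is_absolute(path: str) -> bool:
    """True for a drive-letter path such as C:\\WINDOWS\\x.dll."""
    return re.match(r"^[A-Za-z]:\\", path) is not None


def assess(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None when no rule applies."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]
    # A hook whose target is gone does nothing but is dead weight: remove it.
    if any(marker in line for marker in MISSING_MARKERS):
        return Finding(section, "orphan", "target file no longer exists", line)
    m = O20_RE.match(line)
    if m:
        path = m.group("path")
        if not _is_absolute(path):
            return Finding(section, "suspicious", "Winlogon Notify DLL given without a full path", line)
        if not path.lower().startswith(SYSTEM32):
            return Finding(section, "suspicious", "Winlogon Notify DLL loaded from outside System32", line)
        return Finding(section, "review", "Winlogon Notify DLL runs inside winlogon; confirm its publisher", line)
    m = O23_RE.match(line)
    if m and m.group("owner") == "Unknown owner":
        path = m.group("path").lower()
        if not (path.startswith(SYSTEM32) or path.startswith(PROGRAM_FILES)):
            return Finding(section, "suspicious", "service binary with no company name in an unusual location", line)
        return Finding(section, "review", "service binary has no company name; verify it", line)
    if section == "O15":
        return Finding(section, "review", "site in the IE Trusted Zone runs with relaxed security", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Assess every line of a HijackThis log and keep the lines that matched a rule."""
    return [f for f in map(assess, log_text.splitlines()) if f]


def fix_list(log_text: str) -> List[str]:
    """Lines a helper would tell the user to tick under 'Fix checked'."""
    return [f.line for f in triage(log_text) if f.verdict in ("orphan", "suspicious")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<5}{f.verdict:<11}{f.reason}")
```

Entries the script leaves alone (the Java BHO, the ZoneAlarm Run key, the vsmon service) are the ones RichieUK also left alone; the 'review' verdicts are where a helper would look up the publisher before deciding. The `sc stop`/`sc delete` step above applies to the service the log shows as `CMMON32 SysApp`, which this script flags as an orphan because its binary is gone.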




