Virtumonde


  • This topic is locked
9 replies to this topic

#1 fluidmedia


Posted 26 July 2007 - 08:13 PM

I have been trying to remove this but can't. Could someone help me out? Below is my log file.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:05:49 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F18FBE-98A7-4506-B511-807215A913E9}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apache2 - Unknown owner - C:\web\webserver\Apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe



#2 Shaba


Posted 27 July 2007 - 04:09 AM

Hi fluidmedia

Create a separate folder for HijackThis on the desktop and move it to that folder.

Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please :thumbsup:
Microsoft MVP Consumer Security

#3 fluidmedia


Posted 30 July 2007 - 02:26 AM

Thanks Shaba

I did some reading on my own and ran the combo fix.

Here are the new logs:

combofix

ComboFix 07-07-27 - "mike" 2007-07-26 18:36:17.1 [GMT -7:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pqfqmdoi.dll
C:\WINDOWS\system32\yedxbwhv.dll
C:\WINDOWS\system32\yiyvsyni.dll
C:\WINDOWS\system32\yedxbwhv.dll
C:\WINDOWS\system32\winhoq32.dll
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\cbxxwvt.dll
C:\WINDOWS\system32\cbxxwvt.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\mike\APPLIC~1.\smante~1
C:\WINDOWS\sks~1
C:\WINDOWS\system32\components
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\wnscptr.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\ymbols~1


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-26 18:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 18:04 126,016 --a------ C:\WINDOWS\system32\ccuhrgng.dll
2007-07-26 17:36 126,016 --a------ C:\WINDOWS\system32\lybrrqll.dll
2007-07-26 14:32 31,254 --a------ C:\WINDOWS\system32\ddcywuu.dll
2007-07-26 14:01 86,016 --a------ C:\WINDOWS\CtDrvIns.exe
2007-07-26 14:01 68,608 --a------ C:\WINDOWS\system32\drivers\P1110Vid.sys
2007-07-26 14:01 4,216 --a------ C:\WINDOWS\system32\drivers\P1110Stb.sys
2007-07-26 14:01 36,864 --a------ C:\WINDOWS\system32\P1110Pin.dll
2007-07-26 14:01 36,864 --a------ C:\WINDOWS\system32\CtRegApp.dll
2007-07-26 14:01 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll
2007-07-26 14:01 32,768 --a------ C:\WINDOWS\system32\P1110Sti.dll
2007-07-26 14:01 32,768 --a------ C:\WINDOWS\system32\P1110Hwx.dll
2007-07-26 14:01 20,480 --a------ C:\WINDOWS\system32\P1110Srv.exe
2007-07-26 14:01 20,480 --a------ C:\WINDOWS\P1110Cfg.exe
2007-07-26 14:01 126,976 --a------ C:\WINDOWS\system32\P1110Vfw.dll
2007-07-26 14:01 <DIR> d-------- C:\WebCam
2007-07-26 13:56 <DIR> d-------- C:\CtDriverInstTemp
2007-07-26 12:34 <DIR> d-------- C:\CWebCam
2007-07-25 23:53 126,016 --a------ C:\WINDOWS\system32\kchiikwe.dll
2007-07-25 21:21 31,254 --a------ C:\WINDOWS\system32\nnnmjge.dll
2007-07-25 17:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-24 19:55 <DIR> d-------- C:\Program Files\iTunes
2007-07-24 19:55 <DIR> d-------- C:\Program Files\iPod
2007-07-22 21:38 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-07-22 21:36 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-22 21:36 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-22 21:33 <DIR> d-------- C:\Program Files\Symantec
2007-07-22 21:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-22 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-22 18:27 <DIR> d-------- C:\DOCUME~1\mike\.housecall6.6
2007-07-22 11:09 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-22 11:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-22 11:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 08:26 12,800 --a------ C:\WINDOWS\system32\s2f.exe
2007-07-21 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Authentium
2007-07-21 19:46 <DIR> d-------- C:\Program Files\Common Files\RuleSpace
2007-07-21 19:46 <DIR> d-------- C:\Program Files\Common Files\Aluria
2007-07-21 19:45 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-07-21 19:42 <DIR> d-------- C:\Program Files\Cox
2007-07-21 18:11 <DIR> d-------- C:\Program Files\Common Files\Authentium Shared
2007-07-14 23:06 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2007-07-08 19:00 <DIR> d---s---- C:\DOCUME~1\mike\UserData
2007-07-08 18:45 19,558 --a------ C:\WINDOWS\hpoins01.dat
2007-07-08 18:45 16,606 --------- C:\WINDOWS\hpomdl01.dat
2007-07-04 10:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-04 10:29 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-04 10:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 19:38 425,984 --a------ C:\WINDOWS\system32\wodKeys.dll
2007-07-01 19:38 385,024 --a------ C:\WINDOWS\system32\wodSFTP.dll
2007-07-01 19:38 1,079,808 --a------ C:\WINDOWS\system32\we.dll
2007-07-01 19:38 <DIR> d-------- C:\Program Files\AceBIT


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 16:21 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\Azureus
2007-07-25 19:54 --------- d-------- C:\Program Files\Picasa2
2007-07-24 19:41 --------- d-------- C:\Program Files\QuickTime
2007-07-22 21:42 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-22 21:42 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-08 18:06 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\eFax Messenger
2007-07-07 11:05 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\Apple Computer
2007-07-01 19:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 21:11 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\Ahead
2007-06-25 19:08 --------- d-------- C:\Program Files\Apache Software Foundation
2007-06-22 16:01 --------- d-------- C:\Program Files\Azureus
2007-06-20 17:04 --------- d-------- C:\Program Files\eFax Messenger 4.3
2007-06-13 01:59 1277 --a------ C:\WINDOWS\mozver.dat
2007-06-13 01:06 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-13 01:04 --------- d-------- C:\Program Files\Nero
2007-06-12 19:26 --------- d-------- C:\Program Files\Apple Software Update
2007-06-11 17:42 --------- d-------- C:\Program Files\TVersity
2007-06-08 18:12 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-05 23:21 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\DivX
2007-06-05 19:29 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-06-05 19:28 --------- d-------- C:\Program Files\Microsoft IntelliType Pro
2007-06-04 15:18 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 17:54 --------- d-------- C:\Program Files\Google
2007-06-02 21:01 --------- d-------- C:\Program Files\DivX
2007-06-01 00:10 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-06-01 00:10 --------- d-------- C:\Program Files\BitComet
2007-05-31 23:55 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\.BitTornado
2007-05-31 23:54 --------- d-------- C:\Program Files\BitTornado
2007-05-30 23:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-30 23:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-30 23:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-30 23:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-30 23:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-23 17:28 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-05-23 17:28 249856 --------- C:\WINDOWS\Setup1.exe
2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
2007-05-10 00:23 0 --a--c--- C:\WINDOWS\nsreg.dat
2007-05-09 23:37 21640 --a--c--- C:\WINDOWS\system32\emptyregdb.dat
2007-05-09 13:51 214504 --a------ C:\WINDOWS\system32\grfilter.dll
2007-05-09 13:40 79336 --a------ C:\WINDOWS\system32\wscapi.dll
2007-05-09 13:40 79336 --a------ C:\WINDOWS\system32\AuthWSC.dll
2007-05-09 13:39 103968 --a------ C:\WINDOWS\system32\authcrypt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-08-12 21:25 C:\WINDOWS\system32\sstray.exe]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 10:21]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-25 22:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvmug.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESP]
c:\Program Files\Cox\Applications\app\start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]


R0 GRFILTER;Authentium NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys
R2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys
R2 CSS DVP;Dynamic Virus Protection;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 GRTdiMon;Authentium TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys
R2 WSearch;Windows Search;C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110Vid.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S2 Microsoft System Management;Microsoft System Management;C:\WINDOWS\system32\system.exe
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3cc549d-1988-11dc-80fb-000ea6a7817f}]
AutoRun\command- H:\Autorun.exe /run
Shell00\Command- H:\Autorun.exe /run
Shell01\Command- H:\Autorun.exe /action
Shell02\Command- H:\Autorun.exe /uninstall


Contents of the 'Scheduled Tasks' folder
2007-07-25 02:26:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-09 01:56:34 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1183946107.job
2007-07-24 03:34:43 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - mike.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 18:56:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM]
"Start"=dword:66601541
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000001cb
"TracesSuccessful"=dword:00000016

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-26 19:02:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-26 19:00

--- E O F ---


HJTHIS

Logfile of HijackThis v1.99.1
Scan saved at 12:22:36 AM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HJTHIS\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F18FBE-98A7-4506-B511-807215A913E9}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apache2 - Unknown owner - C:\web\webserver\Apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

#4 Shaba


Posted 30 July 2007 - 04:04 AM

Hi

Yes looks much cleaner already :thumbsup:

Open HijackThis, click do a system scan only and checkmark this:

O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)

Close all windows including browser and press fix checked.

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ccuhrgng.dll
C:\WINDOWS\system32\lybrrqll.dll
C:\WINDOWS\system32\ddcywuu.dll
C:\WINDOWS\system32\kchiikwe.dll
C:\WINDOWS\system32\nnnmjge.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


Save this as "CFScript"

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by Shaba, 30 July 2007 - 04:06 AM.

Microsoft MVP Consumer Security
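
One way to triage the O23 service entries before ticking any of them, added here as an example (not part of the original post, HijackThis or ComboFix). It assumes a stray `"` before the arguments in a "(file missing)" entry means the scanner misread a quoted command line rather than that the file is gone; the sample lines are copied from the log in this thread, and `triage`, `Finding` and the verdict names are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: O23 lines and running-process paths copied from the
# HijackThis log posted in this thread (a subset, assembled for the example).
SAMPLE_LOG = r"""
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2 - Unknown owner - C:\web\webserver\Apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Microsoft System Management - Unknown owner - C:\WINDOWS\system32\system.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

SAMPLE_RUNNING = r"""
C:\web\webserver\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

# O23 line layout: name - owner - command line [ (file missing)]
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
    r'(?P<cmd>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$'
)


@dataclass
class Finding:
    name: str
    owner: str
    image: str      # executable path with any trailing arguments cut off
    running: bool   # image also appears under "Running processes"
    verdict: str    # present | parser-artifact | orphaned | inconsistent


def split_image(cmd):
    """Return (image_path, had_stray_quote) for an O23 command line."""
    if '"' in cmd:
        # Assumption: the quote is the closing quote of a quoted ImagePath,
        # so everything before it is the real executable path.
        return cmd.split('"', 1)[0], True
    return cmd, False


def triage(log_text, running_text):
    """Classify every O23 entry in log_text against the running-process list."""
    running = {p.strip().lower() for p in running_text.splitlines() if p.strip()}
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        image, stray_quote = split_image(m.group("cmd"))
        is_running = image.lower() in running  # Windows paths: ignore case
        if not m.group("missing"):
            verdict = "present"
        elif stray_quote:
            # Flagged missing only because the arguments were read as part
            # of the file name; not a candidate for "fix checked".
            verdict = "parser-artifact"
        elif is_running:
            verdict = "inconsistent"
        else:
            # Service registration left behind with no file on disk.
            verdict = "orphaned"
        findings.append(Finding(m.group("name"), m.group("owner"),
                                image, is_running, verdict))
    return findings


def orphaned_services(log_text, running_text):
    """Names of the services whose entries are safe candidates for removal."""
    return [f.name for f in triage(log_text, running_text)
            if f.verdict == "orphaned"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SAMPLE_RUNNING):
        print(f"{f.verdict:16} running={f.running!s:5} {f.name} -> {f.image}")
```

On the sample, only the Microsoft System Management entry comes out as orphaned, which is the one entry selected in the instructions above.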

#5 fluidmedia


Posted 30 July 2007 - 10:12 PM

thanks here are the logs

ComboFix 07-07-27 - "mike" 2007-07-30 19:56:57.2 [GMT -7:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\mike\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ccuhrgng.dll
C:\WINDOWS\system32\ddcywuu.dll
C:\WINDOWS\system32\kchiikwe.dll
C:\WINDOWS\system32\lybrrqll.dll
C:\WINDOWS\system32\nnnmjge.dll


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))


2007-07-30 02:29 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-07-30 01:56 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-30 01:56 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-30 01:56 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-07-30 01:56 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-30 01:56 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-07-30 01:56 <DIR> d-------- C:\Program Files\Webroot
2007-07-30 01:56 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\Webroot
2007-07-30 01:56 <DIR> d-------- C:\DOCUME~1\LOCALS~1.001\APPLIC~1\Webroot
2007-07-30 01:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-30 01:53 164 --a------ C:\install.dat
2007-07-30 01:49 3,164 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-30 01:48 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-30 01:48 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-30 01:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-30 01:03 9,839 --a------ C:\dnsbak.reg
2007-07-30 00:21 <DIR> d-------- C:\HJTHIS
2007-07-29 03:01 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-07-29 03:01 <DIR> d-------- C:\WINDOWS\Profiles
2007-07-29 03:01 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\InterTrust
2007-07-29 03:00 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-07-29 03:00 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2007-07-29 03:00 232,192 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2007-07-29 03:00 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-29 03:00 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-07-29 03:00 <DIR> d-------- C:\Program Files\Belkin
2007-07-26 18:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 14:01 86,016 --a------ C:\WINDOWS\CtDrvIns.exe
2007-07-26 14:01 68,608 --a------ C:\WINDOWS\system32\drivers\P1110Vid.sys
2007-07-26 14:01 4,216 --a------ C:\WINDOWS\system32\drivers\P1110Stb.sys
2007-07-26 14:01 36,864 --a------ C:\WINDOWS\system32\P1110Pin.dll
2007-07-26 14:01 36,864 --a------ C:\WINDOWS\system32\CtRegApp.dll
2007-07-26 14:01 36,864 --a------ C:\WINDOWS\system32\CtCamMgr.dll
2007-07-26 14:01 32,768 --a------ C:\WINDOWS\system32\P1110Sti.dll
2007-07-26 14:01 32,768 --a------ C:\WINDOWS\system32\P1110Hwx.dll
2007-07-26 14:01 20,480 --a------ C:\WINDOWS\system32\P1110Srv.exe
2007-07-26 14:01 20,480 --a------ C:\WINDOWS\P1110Cfg.exe
2007-07-26 14:01 126,976 --a------ C:\WINDOWS\system32\P1110Vfw.dll
2007-07-26 14:01 <DIR> d-------- C:\WebCam
2007-07-26 13:56 <DIR> d-------- C:\CtDriverInstTemp
2007-07-26 12:34 <DIR> d-------- C:\CWebCam
2007-07-25 17:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-24 19:55 <DIR> d-------- C:\Program Files\iTunes
2007-07-24 19:55 <DIR> d-------- C:\Program Files\iPod
2007-07-22 21:38 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-07-22 21:36 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-22 21:36 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-22 21:33 <DIR> d-------- C:\Program Files\Symantec
2007-07-22 21:33 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-22 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-22 18:27 <DIR> d-------- C:\DOCUME~1\mike\.housecall6.6
2007-07-22 11:09 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-22 11:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-22 11:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 08:26 12,800 --a------ C:\WINDOWS\system32\s2f.exe
2007-07-21 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Authentium
2007-07-21 19:46 <DIR> d-------- C:\Program Files\Common Files\RuleSpace
2007-07-21 19:46 <DIR> d-------- C:\Program Files\Common Files\Aluria
2007-07-21 19:45 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-07-21 19:42 <DIR> d-------- C:\Program Files\Cox
2007-07-21 18:11 <DIR> d-------- C:\Program Files\Common Files\Authentium Shared
2007-07-14 23:06 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2007-07-08 19:00 <DIR> d---s---- C:\DOCUME~1\mike\UserData
2007-07-08 18:45 19,558 --a------ C:\WINDOWS\hpoins01.dat
2007-07-08 18:45 16,606 --------- C:\WINDOWS\hpomdl01.dat
2007-07-04 10:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-04 10:29 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-04 10:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-01 19:38 425,984 --a------ C:\WINDOWS\system32\wodKeys.dll
2007-07-01 19:38 385,024 --a------ C:\WINDOWS\system32\wodSFTP.dll
2007-07-01 19:38 1,079,808 --a------ C:\WINDOWS\system32\we.dll
2007-07-01 19:38 <DIR> d-------- C:\Program Files\AceBIT
2007-06-25 19:53 <DIR> d-------- C:\web
2007-06-25 19:08 <DIR> d-------- C:\Program Files\Apache Software Foundation
2007-06-25 16:22 <DIR> d-------- C:\var
2007-06-20 17:04 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\eFax Messenger
2007-06-20 17:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Output
2007-06-20 17:03 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2007-06-20 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Setup
2007-06-13 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-06-13 01:04 <DIR> d-------- C:\Program Files\Nero
2007-06-13 01:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-13 01:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-12 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
2007-06-11 18:59 <DIR> d-------- C:\DOCUME~1\LOCALS~1.001\APPLIC~1\DivX
2007-06-11 17:42 <DIR> d-------- C:\Program Files\TVersity
2007-06-05 19:29 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2007-06-05 19:28 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 17:54 <DIR> d-------- C:\Program Files\Picasa2
2007-06-03 17:54 <DIR> d-------- C:\Program Files\Google
2007-06-01 01:05 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\Azureus
2007-06-01 01:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-01 01:04 <DIR> d-------- C:\Program Files\Azureus


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 19:41 --------- d-------- C:\Program Files\QuickTime
2007-07-22 21:42 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-22 21:42 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-07 11:05 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\Apple Computer
2007-07-01 19:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 21:11 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\Ahead
2007-06-13 01:59 1277 --a------ C:\WINDOWS\mozver.dat
2007-06-12 19:26 --------- d-------- C:\Program Files\Apple Software Update
2007-06-08 18:12 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-05 23:21 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\DivX
2007-06-02 21:01 --------- d-------- C:\Program Files\DivX
2007-06-01 00:10 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-06-01 00:10 --------- d-------- C:\Program Files\BitComet
2007-05-31 23:55 --------- d-------- C:\DOCUME~1\mike\APPLIC~1\.BitTornado
2007-05-31 23:54 --------- d-------- C:\Program Files\BitTornado
2007-05-30 23:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-30 23:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-30 23:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-30 23:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-30 23:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-23 17:28 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-05-23 17:28 249856 --------- C:\WINDOWS\Setup1.exe
2007-05-16 09:42 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-15 09:45 972336 --a------ C:\WINDOWS\UNNeroVision.exe
2007-05-10 00:23 0 --a--c--- C:\WINDOWS\nsreg.dat
2007-05-09 23:37 21640 --a--c--- C:\WINDOWS\system32\emptyregdb.dat
2007-05-09 13:51 214504 --a------ C:\WINDOWS\system32\grfilter.dll
2007-05-09 13:40 79336 --a------ C:\WINDOWS\system32\wscapi.dll
2007-05-09 13:40 79336 --a------ C:\WINDOWS\system32\AuthWSC.dll
2007-05-09 13:39 103968 --a------ C:\WINDOWS\system32\authcrypt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-08-12 21:25 C:\WINDOWS\system32\sstray.exe]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 10:21]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-25 22:00]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESP]
c:\Program Files\Cox\Applications\app\start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]


R0 GRFILTER;Authentium NDIS Driver;C:\WINDOWS\system32\drivers\GRFILTER.sys
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys
R2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys
R2 Belkin Wireless USB Network Adapter Service;Belkin Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
R2 CSS DVP;Dynamic Virus Protection;C:\WINDOWS\system32\DRIVERS\css-dvp.sys
R2 GRTdiMon;Authentium TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys
R2 WSearch;Windows Search;C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA® nForce™ Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 RT73;Belkin USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt73.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service;"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110Vid.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S4 Microsoft System Management;Microsoft System Management;C:\WINDOWS\system32\system.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3cc549d-1988-11dc-80fb-000ea6a7817f}]
AutoRun\command- H:\Autorun.exe /run
Shell00\Command- H:\Autorun.exe /run
Shell01\Command- H:\Autorun.exe /action
Shell02\Command- H:\Autorun.exe /uninstall


Contents of the 'Scheduled Tasks' folder
2007-07-25 02:26:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-09 01:56:34 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1183946107.job
2007-07-30 10:01:24 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - mike.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 20:05:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 20:08:22
C:\ComboFix-quarantined-files.txt ... 2007-07-30 20:07
C:\ComboFix2.txt ... 2007-07-26 19:03

--- E O F ---



HJTHIS

Logfile of HijackThis v1.99.1
Scan saved at 8:10:34 PM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HJTHIS\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F18FBE-98A7-4506-B511-807215A913E9}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apache2 - Unknown owner - C:\web\webserver\Apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

thanks

#6 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:07:24 PM

Posted 31 July 2007 - 03:33 AM

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK.
  • Now, under "select a target to scan", select My Computer.
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report
Microsoft MVP Consumer Security

#7 fluidmedia

fluidmedia
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 01 August 2007 - 07:40 PM

Wednesday, August 01, 2007 5:35:41 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/08/2007
Kaspersky Anti-Virus database records: 370266
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 211973
Number of viruses found 7
Number of infected objects 17
Number of suspicious objects 8
Duration of the scan process 05:01:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output\mike\~Running.ping Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.87.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.87.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy265.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf6.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_274.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-07-31_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\091982FB.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\4B5EF973.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd5336a68aaf1db0603ae97955f3606d_c55a2ad8-bba1-4a23-988d-951befeae4da Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Crypto\RSA\MachineKeys\fe9be70a97be82938741f9276f59f694_c55a2ad8-bba1-4a23-988d-951befeae4da Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos11.zip/stdrun6.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos11.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos9.zip/stdrun8.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\VcodecStarVideos9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.001\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\mike\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\mike\Application Data\Microsoft\Templates\NormalEmail.dotm Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\cert8.db Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\history.dat Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\key3.db Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\parent.lock Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\search.sqlite Object is locked skipped
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\mike\Application Data\Webroot\Spy Sweeper\Logs\070730210235.ses Object is locked skipped
C:\Documents and Settings\mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\mike\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\mike\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\mike\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Identities\{47FEC711-4411-4BA5-BEE1-9F331BD66D6C}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Identities\{47FEC711-4411-4BA5-BEE1-9F331BD66D6C}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\ghs4ziqe.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mike\Local Settings\History\History.IE5\MSHist012007073120070801\index.dat Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Temp\Perflib_Perfdata_c6c.dat Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Temp\~DF458C.tmp Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Temp\~DFDDFC.tmp Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.Word\~WRS{F3D1D2F4-4A3A-4B22-B304-8587C4694782}.tmp Object is locked skipped
C:\Documents and Settings\mike\My Documents\software\Nero 7 8 5 0 Ultra Edition Enhanced + Keymaker\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\mike\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\mike\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.001\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.001\ntuser.dat.LOG Object is locked skipped
C:\Downloads\Nero 7 8 5 0 Ultra Edition Enhanced + Keymaker\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_mike.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_mike.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_mike.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ccuhrgng.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcywuu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kchiikwe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lybrrqll.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mllml.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnmjge.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winhoq32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{D0577DDE-3855-4AC7-BBE5-2414C2E4A4D5}\RP2\A0000074.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{D0577DDE-3855-4AC7-BBE5-2414C2E4A4D5}\RP2\A0000075.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{D0577DDE-3855-4AC7-BBE5-2414C2E4A4D5}\RP2\A0000076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{D0577DDE-3855-4AC7-BBE5-2414C2E4A4D5}\RP2\A0000077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\System Volume Information\_restore{D0577DDE-3855-4AC7-BBE5-2414C2E4A4D5}\RP2\A0000078.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{D0577DDE-3855-4AC7-BBE5-2414C2E4A4D5}\RP2\change.log Object is locked skipped
C:\web\webserver\Apache2\logs\access.log Object is locked skipped
C:\web\webserver\Apache2\logs\error.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{6AAAA565-8607-4801-83BB-8002A715CE8F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.




Logfile of HijackThis v1.99.1
Scan saved at 5:40:34 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\web\webserver\Apache2\bin\httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJTHIS\scanner.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [nForce Tray Options] "sstray.exe" /r
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2F18FBE-98A7-4506-B511-807215A913E9}: NameServer = 68.6.16.30,68.6.16.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apache2 - Unknown owner - C:\web\webserver\Apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#8 Shaba


Posted 02 August 2007 - 02:58 AM

Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\QooBox\Quarantine

Empty Recycle Bin

Still problems?
Microsoft MVP Consumer Security

#9 Shaba


Posted 06 August 2007 - 04:21 AM

fluidmedia?
Microsoft MVP Consumer Security

#10 Shaba


Posted 09 August 2007 - 12:46 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security