
IE Popups While Using Firefox... HijackThis Log


This topic is locked
15 replies to this topic

#1 Robin66


Posted 31 August 2007 - 07:10 AM

Hi folks

Despite regular Ad-aware and Spybot use, my home computer is now getting IE popups, although we use Firefox exclusively.

Can anyone make sense of this HijackThis logfile?

Thanks,
Robin

(p.s. I reposted this topic after getting a message that my HijackThis wasn't current. I can't find the original post I made, so if I posted twice, I apologize)

***********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:16 AM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Robin\My Documents\Download\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifilm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\meal road.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fordbody] C:\DOCUME~1\Robin\APPLIC~1\WIPECO~1\DvdUserFlap.exe
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [Fordbody] C:\DOCUME~1\Aidan\APPLIC~1\WIPECO~1\DvdUserFlap.exe (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Erin')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZJfox000(2)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10809 bytes



#2 RichieUK

Malware Response Team

Posted 31 August 2007 - 09:08 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Robin66 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log (logit.txt) should open afterwards.
This log will be present on your desktop.
Post the entire contents of the logfile into your next reply, along with a new HijackThis log.

#3 Robin66


Posted 01 September 2007 - 05:22 PM

Thanks Richie. I upgraded my JRE.

Here's the log file from that DelJob:

--------------------------------------------------------
File(s) moved to C:\deljob

B1C10C5B998E880B.job
--------------------------------------------------------
Files remaining after cleaning

--------------------------------------------------------
App data folders

Volume in drive C is PRESARIO
Volume Serial Number is 5B74-5E74

Directory of C:\Documents and Settings\Robin\Application Data

08/17/2007 10:37 PM <DIR> .
08/17/2007 10:37 PM <DIR> ..
02/07/2007 10:18 AM <DIR> Adobe
02/07/2007 10:21 AM <DIR> AdobeUM
07/29/2006 03:39 PM <DIR> Ahead
10/25/2005 10:30 PM <DIR> APPLEC~1 Apple Computer
02/17/2007 12:02 PM <DIR> ArcSoft
07/11/2007 09:53 PM <DIR> BITTOR~1 BitTorrent
03/17/2007 11:29 AM <DIR> BLACKB~1 Blackberry Desktop
01/30/2007 11:23 PM <DIR> Canon
10/31/2006 07:10 PM <DIR> Google
11/01/2005 10:36 AM <DIR> Help
01/09/2007 12:04 AM <DIR> HotSync
10/19/2005 08:38 AM <DIR> HPQ
08/10/2005 06:21 AM <DIR> IDENTI~1 Identities
10/19/2005 08:23 AM <DIR> INTERV~1 InterVideo
08/10/2005 06:21 AM <DIR> Intuit
10/22/2005 03:58 PM <DIR> KAZAAL~1 Kazaa Lite
08/17/2007 06:38 PM <DIR> Lavasoft
10/21/2005 07:21 PM <DIR> LEADER~1 Leadertech
07/26/2007 10:31 PM <DIR> LimeWire
10/30/2005 06:38 PM <DIR> MACROM~1 Macromedia
02/11/2007 11:56 PM <DIR> MAXIMI~1 Maximizer
02/24/2007 05:32 PM <DIR> MICROS~1 Microsoft
01/08/2006 10:08 AM <DIR> Mozilla
10/19/2005 12:01 AM <DIR> Real
03/17/2007 11:32 AM <DIR> RESEAR~1 Research In Motion
05/13/2007 11:44 AM <DIR> RONIMU~1 Roni Music
08/10/2005 06:21 AM <DIR> SAMPLE~1 SampleView
01/30/2007 10:37 PM <DIR> ScanSoft
08/07/2006 05:50 PM <DIR> Skype
10/21/2005 07:22 PM <DIR> Sonic
11/27/2005 11:35 PM <DIR> Sun
08/10/2005 06:21 AM <DIR> Symantec
01/24/2007 03:25 PM <DIR> SYSTEM~1 System Requirements Lab
10/23/2005 10:44 PM <DIR> Talkback
10/23/2005 10:44 PM <DIR> THUNDE~1 Thunderbird
08/17/2007 10:54 PM <DIR> WIPECO~1 Wipe comp real
0 File(s) 0 bytes
38 Dir(s) 15,275,057,152 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is 5B74-5E74

Directory of C:\Documents and Settings\All Users\Application Data

08/17/2007 06:38 PM <DIR> .
08/17/2007 06:38 PM <DIR> ..
02/07/2007 10:23 AM <DIR> Adobe
10/25/2005 10:13 PM <DIR> APPLEC~1 Apple Computer
05/10/2006 05:01 PM <DIR> ARMAGE~1 Armagetron
12/14/2006 11:32 AM <DIR> CA
01/09/2007 12:07 AM <DIR> DataViz
11/18/2006 12:23 PM <DIR> DVDSHR~1 DVD Shrink
10/10/2006 08:37 PM <DIR> Google
08/10/2005 06:21 AM <DIR> HEWLET~1 Hewlett-Packard
01/09/2007 12:05 AM <DIR> HotSync
06/06/2007 12:17 AM <DIR> INSTAL~2 Installations
08/10/2005 06:21 AM <DIR> INSTAL~1 InstallShield
08/10/2005 06:21 AM <DIR> Intuit
08/17/2007 06:38 PM <DIR> Lavasoft
02/02/2007 08:51 PM <DIR> MAXIMI~1 MaximizerGlobalReports
03/25/2007 11:48 AM <DIR> MESSEN~1 Messenger Plus!
08/17/2007 06:38 PM <DIR> MICROS~1 Microsoft
06/06/2007 12:19 AM <DIR> PCSUIT~1 PC Suite
08/18/2006 03:31 PM <DIR> QubeSoft
10/25/2005 10:10 PM <DIR> QUICKT~1 QuickTime
08/10/2005 06:21 AM <DIR> SBSI
08/16/2007 04:34 PM <DIR> SOFTWA~1 Software rule flag owns
10/21/2005 07:49 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
01/30/2007 10:37 PM <DIR> SSSCAN~1 SSScanAppDataDir
01/30/2007 10:37 PM <DIR> SSSCAN~2 SSScanWizard
10/19/2005 02:58 PM <DIR> Symantec
10/27/2005 05:12 PM <DIR> Trymedia
12/14/2005 03:56 PM <DIR> WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
29 Dir(s) 15,275,053,056 bytes free
--------------------------------------------------------


and here's a fresh log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:11 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robin\My Documents\Download\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifilm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\meal road.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fordbody] C:\DOCUME~1\Robin\APPLIC~1\WIPECO~1\DvdUserFlap.exe
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Erin')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Erin')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Erin')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Erin')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [Fordbody] C:\DOCUME~1\Erin\APPLIC~1\WIPECO~1\DvdUserFlap.exe (User 'Erin')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZJfox000(2)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10786 bytes



Thanks again,
Robin

#4 RichieUK

Malware Response Team

Posted 02 September 2007 - 05:10 AM

You've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/


With you having Service Pack 2 installed I'm presuming you're using the Windows Firewall.
If you're not using Windows Firewall, or you require a more robust third party firewall, then download/install one of the following freeware choices:

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

You may want to read the following.
Understanding and Using Firewalls:
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/


Make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\meal road.exe
O4 - HKCU\..\Run: [Fordbody] C:\DOCUME~1\Robin\APPLIC~1\WIPECO~1\DvdUserFlap.exe
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1014\..\Run: [Fordbody] C:\DOCUME~1\Erin\APPLIC~1\WIPECO~1\DvdUserFlap.exe (User 'Erin')
O8 - Extra context menu item: &Search - ?p=ZJfox000(2)

Exit Hijackthis.

Find and delete:
C:\Documents and Settings\Robin\Application Data\Wipe comp real
C:\Documents and Settings\All Users\Application Data\Software rule flag owns
C:\Documents and Settings\All Users\Application Data\Trymedia

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.

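One way to automate the triage Richie does by eye, as an added example that is not part of this thread and is not a feature of Trend Micro's HijackThis: a small Python script that parses the R/O entry lines of a HijackThis 2.x log and flags the three patterns singled out in the fix list above (an O2 BHO whose DLL is gone, an O4 Run entry launched from a profile's Application Data folder, and an O8 context-menu item whose target is not an HTML handler or res:// resource). The sample input reuses lines from Robin's second log; the heuristics, the Finding class and the function names are my own assumptions, not anything the forum or the tool defines.

```python
import re
from dataclasses import dataclass

# Sample input for this added example: a handful of lines copied from the
# HijackThis log posted above, plus its header so the parser has noise to skip.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:11 PM, on 9/1/2007

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\meal road.exe
O4 - HKCU\..\Run: [Fordbody] C:\DOCUME~1\Robin\APPLIC~1\WIPECO~1\DvdUserFlap.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - ?p=ZJfox000(2)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Every HijackThis entry line starts with a section tag (R0, R1, O2, O4, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Autoruns that live under a user profile's Application Data folder, in either
# the long form or the 8.3 short form (DOCUME~1\...\APPLIC~1). Installed
# software normally registers its Run entry from Program Files or Windows.
PROFILE_PATH_RE = re.compile(
    r"(Documents and Settings\\.*\\Application Data|DOCUME~1\\.*\\APPLIC~1)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def parse_entries(text):
    """Yield (section, body, full_line) for every R/O entry in a log."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def o4_target(body):
    """Return the executable path of an O4 body: the text after the [name]
    part, with optional surrounding quotes, up to and including '.exe'."""
    m = re.search(r"\]\s*\"?([^\"]*?\.exe)", body, re.IGNORECASE)
    return m.group(1) if m else ""


def o8_target(body):
    """Return the handler an O8 context-menu item points at."""
    return body.split(" - ", 1)[1] if " - " in body else ""


def triage(text):
    """Apply the three screening heuristics and return the flagged entries."""
    findings = []
    for section, body, line in parse_entries(text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, line,
                "BHO CLSID is registered but its DLL is missing"))
        elif section == "O4" and PROFILE_PATH_RE.search(o4_target(body)):
            findings.append(Finding(section, line,
                "autorun launched from a profile's Application Data folder"))
        elif section == "O8" and not re.search(
                r"\.html?$|^res://", o8_target(body), re.IGNORECASE):
            findings.append(Finding(section, line,
                "context-menu item does not point at an HTML or res:// handler"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the four entries Richie told Robin to fix; the Java BHO, QuickTime, FlashGet and LogMeIn lines pass. These are screening heuristics, not verdicts: some legitimate updaters do autorun from Application Data, so each flagged line still needs the kind of look-up a helper does before deciding to fix it.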

#5 Robin66


Posted 03 September 2007 - 10:16 AM

OK, Richie, here's the log from the SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2007 at 11:14 AM

Application Version : 3.9.1008

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type : Complete Scan
Total Scan Time : 02:15:07

Memory items scanned : 476
Memory threats detected : 0
Registry items scanned : 6334
Registry threats detected : 0
File items scanned : 89953
File threats detected : 179

Adware.Tracking Cookie
C:\Documents and Settings\Robin\Cookies\robin@partygaming.122.2o7[1].txt
C:\Documents and Settings\Robin\Cookies\robin@kickass-media[1].txt
C:\Documents and Settings\Robin\Cookies\robin@atdmt[2].txt
C:\Documents and Settings\Robin\Cookies\robin@supermediastore[1].txt
C:\Documents and Settings\Robin\Cookies\robin@questionmarket[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.ratingz[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.aintitcool[2].txt
C:\Documents and Settings\Robin\Cookies\robin@server.iad.liveperson[2].txt
C:\Documents and Settings\Robin\Cookies\robin@image.masterstats[1].txt
C:\Documents and Settings\Robin\Cookies\robin@login.tracking101[3].txt
C:\Documents and Settings\Robin\Cookies\robin@html[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.digital-digest[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.digitalmedianet[1].txt
C:\Documents and Settings\Robin\Cookies\robin@yadro[2].txt
C:\Documents and Settings\Robin\Cookies\robin@xiti[1].txt
C:\Documents and Settings\Robin\Cookies\robin@azjmp[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.webfeat[2].txt
C:\Documents and Settings\Robin\Cookies\robin@imrworldwide[2].txt
C:\Documents and Settings\Robin\Cookies\robin@adopt.euroclick[2].txt
C:\Documents and Settings\Robin\Cookies\robin@interclick[1].txt
C:\Documents and Settings\Robin\Cookies\robin@numetro_live[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Robin\Cookies\robin@partypoker[2].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.cartoonnetwork[1].txt
C:\Documents and Settings\Robin\Cookies\robin@easy-hit-counters[1].txt
C:\Documents and Settings\Robin\Cookies\robin@adcentriconline[1].txt
C:\Documents and Settings\Robin\Cookies\robin@worldlingomedia[1].txt
C:\Documents and Settings\Robin\Cookies\robin@track.webgains[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ad[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads2.net2day[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@ad.directanetworks[2].txt
C:\Documents and Settings\Aidan\Cookies\aidan@ad.zanox[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@adbrite[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@adcentriconline[2].txt
C:\Documents and Settings\Aidan\Cookies\aidan@adopt.euroclick[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@ads.adbrite[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@ads.awesomehouseparty[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@ads.cartoonnetwork[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@ads.toonamijetstream[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@atwola[2].txt
C:\Documents and Settings\Aidan\Cookies\aidan@bs.serving-sys[2].txt
C:\Documents and Settings\Aidan\Cookies\aidan@mywebsearch[1].txt
C:\Documents and Settings\Aidan\Cookies\aidan@serving-sys[2].txt
C:\Documents and Settings\Aidan\Cookies\aidan@specificclick[2].txt
C:\Documents and Settings\Connor\Cookies\connor@a.websponsors[1].txt
C:\Documents and Settings\Connor\Cookies\connor@adcentriconline[1].txt
C:\Documents and Settings\Connor\Cookies\connor@adopt.euroclick[2].txt
C:\Documents and Settings\Connor\Cookies\connor@ads.ak.facebook[1].txt
C:\Documents and Settings\Connor\Cookies\connor@ads.cnn[1].txt
C:\Documents and Settings\Connor\Cookies\connor@affiliate.budsinc[1].txt
C:\Documents and Settings\Connor\Cookies\connor@atwola[1].txt
C:\Documents and Settings\Connor\Cookies\connor@azjmp[2].txt
C:\Documents and Settings\Connor\Cookies\connor@bs.serving-sys[1].txt
C:\Documents and Settings\Connor\Cookies\connor@burstnet[2].txt
C:\Documents and Settings\Connor\Cookies\connor@clicks.emarketmakers[1].txt
C:\Documents and Settings\Connor\Cookies\connor@eas.apm.emediate[2].txt
C:\Documents and Settings\Connor\Cookies\connor@interclick[2].txt
C:\Documents and Settings\Connor\Cookies\connor@login.tracking101[2].txt
C:\Documents and Settings\Connor\Cookies\connor@media.wii.ign[2].txt
C:\Documents and Settings\Connor\Cookies\connor@partygaming.122.2o7[1].txt
C:\Documents and Settings\Connor\Cookies\connor@partygaming.122.2o7[2].txt
C:\Documents and Settings\Connor\Cookies\connor@partypoker[2].txt
C:\Documents and Settings\Connor\Cookies\connor@questionmarket[2].txt
C:\Documents and Settings\Connor\Cookies\connor@server.iad.liveperson[1].txt
C:\Documents and Settings\Connor\Cookies\connor@serving-sys[1].txt
C:\Documents and Settings\Connor\Cookies\connor@track.webgains[1].txt
C:\Documents and Settings\Erin\Cookies\erin@a.websponsors[2].txt
C:\Documents and Settings\Erin\Cookies\erin@ad.directanetworks[2].txt
C:\Documents and Settings\Erin\Cookies\erin@adopt.euroclick[1].txt
C:\Documents and Settings\Erin\Cookies\erin@adopt.hbmediapro[2].txt
C:\Documents and Settings\Erin\Cookies\erin@ads.ak.facebook[1].txt
C:\Documents and Settings\Erin\Cookies\erin@ads.awesomehouseparty[1].txt
C:\Documents and Settings\Erin\Cookies\erin@ads.cartoonnetwork[1].txt
C:\Documents and Settings\Erin\Cookies\erin@atwola[1].txt
C:\Documents and Settings\Erin\Cookies\erin@azjmp[1].txt
C:\Documents and Settings\Erin\Cookies\erin@banner.casinofortune[2].txt
C:\Documents and Settings\Erin\Cookies\erin@belnk[1].txt
C:\Documents and Settings\Erin\Cookies\erin@burstnet[2].txt
C:\Documents and Settings\Erin\Cookies\erin@dist.belnk[2].txt
C:\Documents and Settings\Erin\Cookies\erin@gostats[2].txt
C:\Documents and Settings\Erin\Cookies\erin@itxt.vibrantmedia[1].txt
C:\Documents and Settings\Erin\Cookies\erin@optimost[1].txt
C:\Documents and Settings\Erin\Cookies\erin@overture[1].txt
C:\Documents and Settings\Erin\Cookies\erin@partygaming.122.2o7[1].txt
C:\Documents and Settings\Erin\Cookies\erin@partypoker[2].txt
C:\Documents and Settings\Erin\Cookies\erin@precisionclick[1].txt
C:\Documents and Settings\Erin\Cookies\erin@qnsr[2].txt
C:\Documents and Settings\Erin\Cookies\erin@server.cpmstar[2].txt
C:\Documents and Settings\Erin\Cookies\erin@smileycentral[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@adopt.euroclick[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@ads.ak.facebook[2].txt
C:\Documents and Settings\Keigan\Cookies\keigan@ads.cartoonnetwork[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@ads.cnn[2].txt
C:\Documents and Settings\Keigan\Cookies\keigan@ads.toonamijetstream[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@affiliate.budsinc[2].txt
C:\Documents and Settings\Keigan\Cookies\keigan@azjmp[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@banners.battleon[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@burstnet[2].txt
C:\Documents and Settings\Keigan\Cookies\keigan@eas.apm.emediate[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@familymediaguide[2].txt
C:\Documents and Settings\Keigan\Cookies\keigan@msnportal.112.2o7[1].txt
C:\Documents and Settings\Keigan\Cookies\keigan@server.cpmstar[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@3.adbrite[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@adcentriconline[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@adknowledge[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@admarketplace[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@adopt.hbmediapro[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@ads.addesktop[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@ads.cc214142[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@ads.cnn[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@ads.monster[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@atwola[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@belnk[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@burstnet[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@clickaction[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@clicktorrent[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@dist.belnk[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@easy-hit-counters[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@fixionmedia[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@focalex[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@hits.clickandtrack[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@i.screensavers[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@icc.intellisrv[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@image.masterstats[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@kanoodle[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@optimost[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@partner2profit[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@server.cpmstar[2].txt
C:\Documents and Settings\Kyla\Cookies\kyla@teenadvice.about[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@teenpeople[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@www.0stats[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@www.screensavers[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@xxxbaby-bratxxx.piczo[1].txt
C:\Documents and Settings\Kyla\Cookies\kyla@yadro[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ad.isohunt[2].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.cnn[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.mlogiq[1].txt
C:\Documents and Settings\Robin\Cookies\robin@ads.turner[1].txt
C:\Documents and Settings\Robin\Cookies\robin@adsense[1].txt
C:\Documents and Settings\Robin\Cookies\robin@adsense[2].txt
C:\Documents and Settings\Robin\Cookies\robin@itxt.vibrantmedia[1].txt
C:\Documents and Settings\Robin\Cookies\robin@kanoodle[2].txt
C:\Documents and Settings\Robin\Cookies\robin@login.tracking101[2].txt
C:\Documents and Settings\Robin\Cookies\robin@tripod.lycos[1].txt
C:\Documents and Settings\Robin\Cookies\robin@warlog[1].txt
C:\Documents and Settings\Robin\Cookies\robin@www.elitecastingnetwork[2].txt

Adware.Lop-Variant
C:\DOCUMENTS AND SETTINGS\AIDAN\APPLICATION DATA\WIPE COMP REAL\ANTI TRUST PART JUNK.EXE
C:\DOCUMENTS AND SETTINGS\AIDAN\APPLICATION DATA\WIPE COMP REAL\DVDUSERFLAP.EXE
C:\DOCUMENTS AND SETTINGS\AIDAN\LOCAL SETTINGS\TEMP\BIS3.EXE
C:\DOCUMENTS AND SETTINGS\CONNOR\APPLICATION DATA\WIPE COMP REAL\DVDUSERFLAP.EXE
C:\DOCUMENTS AND SETTINGS\ERIN\APPLICATION DATA\WIPE COMP REAL\DVDUSERFLAP.EXE
C:\DOCUMENTS AND SETTINGS\KEIGAN\APPLICATION DATA\WIPE COMP REAL\DVDUSERFLAP.EXE
C:\DOCUMENTS AND SETTINGS\KYLA\APPLICATION DATA\WIPE COMP REAL\DVDUSERFLAP.EXE
C:\PROGRAM FILES\ADVERTS\UNINST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP715\A0090477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP716\A0090530.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP717\A0090557.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP718\A0090578.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP719\A0090622.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP720\A0090630.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP721\A0090645.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP721\A0090698.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP722\A0090718.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP723\A0090740.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP724\A0090762.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP725\A0090789.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP726\A0090827.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP727\A0090847.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP728\A0090913.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP729\A0090961.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP732\A0091294.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP732\A0091320.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP733\A0091328.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP733\A0092300.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP734\A0092322.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP736\A0092381.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP736\A0092382.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP736\A0092383.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP736\A0092385.EXE

And here's a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:02 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Robin\My Documents\Download\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifilm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Fordbody] C:\DOCUME~1\Robin\APPLIC~1\WIPECO~1\DvdUserFlap.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10701 bytes


BTW, when I ran the AVAST antivirus it cleaned a couple of things, so that when you told me to use HijackThis to delete that O4 - HKUS entry, it wasn't there any more.

And when I ran the SuperAntiSpyware program, the AVAST antivirus program detected a ton of trojans during SuperAntiSpyware's scan (I deleted some before I saw it recommended 'move to chest')

The pc seems to be working well right now... and I'll keep a closer eye on it too.

Thanks again for all your help so far, Richie. I really appreciate it.

Robin

#6 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 03 September 2007 - 10:26 AM

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKCU\..\Run: [Fordbody] C:\DOCUME~1\Robin\APPLIC~1\WIPECO~1\DvdUserFlap.exe

Restart your pc.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#7 Robin66
  • Topic Starter
  • Members
  • 10 posts

Posted 05 September 2007 - 08:59 AM

Hmm... my posts keep getting blocked due to an older version of HijackThis... but it's version 2.02.

I'll try posting the HijackThis log and the ComboFix log as two separate posts.

Here's HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:04 AM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robin\My Documents\Download\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robin\My Documents\Download\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifilm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Aidan')
O4 - HKUS\S-1-5-21-2577763155-4219313877-1205628177-1013\..\Run: [Fordbody] C:\DOCUME~1\Aidan\APPLIC~1\WIPECO~1\DvdUserFlap.exe (User 'Aidan')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11279 bytes


Thanks
Robin

And here's ComboFix:

ComboFix 07-09-04.4 - "Robin" 2007-09-03 20:42:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.309 [GMT -3:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Kyla\APPLIC~1\microsoft\internet explorer\quick launch\Internet Explorer.lnk
D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))


2007-09-03 20:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-03 09:05 <DIR> d-------- C:\DOCUME~1\Robin\APPLIC~1\Wipe comp real
2007-09-03 08:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-03 08:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-03 08:48 <DIR> d-------- C:\DOCUME~1\Robin\APPLIC~1\SUPERAntiSpyware.com
2007-09-02 23:46 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-02 23:46 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-02 23:46 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-02 23:46 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-02 23:46 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-02 23:46 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 23:46 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-02 23:46 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-01 19:38 <DIR> d-------- C:\Program Files\Veoh Networks
2007-09-01 19:18 <DIR> d-------- C:\deljob
2007-08-29 22:27 <DIR> d-------- C:\DOCUME~1\Kyla\APPLIC~1\Wipe comp real
2007-08-23 09:40 <DIR> d-------- C:\DOCUME~1\Robin\.housecall6.6
2007-08-20 20:09 <DIR> d-------- C:\DOCUME~1\Keigan\APPLIC~1\Wipe comp real
2007-08-17 22:55 <DIR> d-------- C:\VundoFix Backups
2007-08-17 22:53 111,616 --a------ C:\VundoFix.exe
2007-08-17 18:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-17 18:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-17 18:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 07:41 <DIR> d-------- C:\DOCUME~1\Connor\APPLIC~1\Lavasoft
2007-08-16 18:44 <DIR> d-------- C:\DOCUME~1\Erin\APPLIC~1\Wipe comp real
2007-08-16 17:56 <DIR> d-------- C:\DOCUME~1\Connor\APPLIC~1\Wipe comp real
2007-08-16 16:33 <DIR> d-------- C:\Program Files\Wipe comp real
2007-08-16 16:33 <DIR> d-------- C:\Program Files\Windows Live
2007-08-16 16:33 <DIR> d-------- C:\Program Files\Adverts
2007-08-16 16:33 <DIR> d-------- C:\DOCUME~1\Aidan\APPLIC~1\Wipe comp real


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-04 20:42 --------- d-------- C:\Program Files\LogMeIn
2007-09-03 08:57 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\LimeWire
2007-09-01 19:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-31 08:58 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-29 17:19 --------- d-------- C:\Program Files\Piano Suite
2007-08-23 13:18 --------- d-------- C:\Program Files\MSN Messenger
2007-08-23 07:20 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-23 07:20 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-17 18:38 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\Lavasoft
2007-08-16 16:33 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-08-14 19:40 --------- d-------- C:\Program Files\Miuchiz
2007-07-31 08:46 --------- d-------- C:\Program Files\MGA Games
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 18:24 --------- d-------- C:\Program Files\CardRecovery
2007-07-19 03:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 20:39 --------- d-------- C:\DOCUME~1\Keigan\APPLIC~1\BitTorrent
2007-07-12 20:36 --------- d-------- C:\DOCUME~1\Keigan\APPLIC~1\Lavasoft
2007-07-12 20:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 22:22 --------- d-------- C:\Program Files\HASBRO Interactive
2007-07-11 22:21 --------- d-------- C:\Program Files\Easy Internet signup
2007-07-11 22:20 --------- d-------- C:\Program Files\Palm
2007-07-11 22:18 --------- d-------- C:\Program Files\Maximizer
2007-07-11 22:18 --------- d-------- C:\Program Files\Common Files\Maximizer
2007-07-11 21:53 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\BitTorrent
2007-06-27 11:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 11:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 11:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 11:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 11:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 11:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 11:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 11:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 11:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 11:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 11:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 11:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 11:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 11:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 11:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 11:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 11:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 11:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 11:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 11:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 05:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 05:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 05:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 04:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 07:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 07:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-02-02 20:59 190 --a------ C:\Program Files\Common Files\psasetup.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-10 05:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-25 22:14]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-08-24 17:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Adobe Reader Speed Launch.lnk.disabled [2005-10-18 23:18:46]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2007-01-09 00:07:09]
Microsoft Office.lnk.disabled [2005-11-14 10:42:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"PCDrProfiler"=
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 ScFBPNT3;CanoScan FBP3 Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT3.SYS
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys
S2 Ca50xav;Icatch(V) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
S3 USBCamera;Icatch(V) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk50x.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-04 20:47:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-09-04 20:49:11
C:\ComboFix-quarantined-files.txt ... 2007-09-04 20:48

--- E O F ---


Thanks
Robin

#8 Robin66
  • Topic Starter
  • Members
  • 10 posts

Posted 05 September 2007 - 09:00 AM

Edited..... since apparently now I duplicated the combofix text. Ugh!

Edited by Robin66, 05 September 2007 - 09:02 AM.


#9 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 05 September 2007 - 09:36 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
C:\Documents and Settings\Robin\Application Data\Wipe comp real
C:\Documents and Settings\Kyla\Application Data\Wipe comp real
C:\Documents and Settings\Keigan\Application Data\Wipe comp real
C:\Documents and Settings\Erin\Application Data\Wipe comp real
C:\Documents and Settings\Connor\Application Data\Wipe comp real
C:\Documents and Settings\Aidan\Application Data\Wipe comp real
C:\Program Files\Wipe comp real

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.

Let me know how your pc is running now.

#10 Robin66
  • Topic Starter
  • Members
  • 10 posts

Posted 05 September 2007 - 07:54 PM

ComboFix Log:

ComboFix 07-09-04.4 - "Robin" 2007-09-06 21:26:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254 [GMT -3:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Aidan\Application Data\Wipe comp real
C:\Documents and Settings\Aidan\Application Data\Wipe comp real\0
C:\Documents and Settings\Connor\Application Data\Wipe comp real
C:\Documents and Settings\Erin\Application Data\Wipe comp real
C:\Documents and Settings\Keigan\Application Data\Wipe comp real
C:\Documents and Settings\Kyla\Application Data\Wipe comp real
C:\Documents and Settings\Robin\Application Data\Wipe comp real
C:\Program Files\Wipe comp real


((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))


2007-09-06 17:43 <DIR> d-------- C:\DOCUME~1\Joan\APPLIC~1\ScanSoft
2007-09-06 17:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-09-05 03:00 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-03 20:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-03 08:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-03 08:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-09-03 08:48 <DIR> d-------- C:\DOCUME~1\Robin\APPLIC~1\SUPERAntiSpyware.com
2007-09-02 23:46 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-02 23:46 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-02 23:46 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-02 23:46 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-02 23:46 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-02 23:46 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-02 23:46 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-02 23:46 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-01 19:38 <DIR> d-------- C:\Program Files\Veoh Networks
2007-09-01 19:18 <DIR> d-------- C:\deljob
2007-08-23 09:40 <DIR> d-------- C:\DOCUME~1\Robin\.housecall6.6
2007-08-17 22:55 <DIR> d-------- C:\VundoFix Backups
2007-08-17 22:53 111,616 --a------ C:\VundoFix.exe
2007-08-17 18:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-17 18:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-17 18:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 07:41 <DIR> d-------- C:\DOCUME~1\Connor\APPLIC~1\Lavasoft
2007-08-16 16:33 <DIR> d-------- C:\Program Files\Windows Live
2007-08-16 16:33 <DIR> d-------- C:\Program Files\Adverts


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 21:21 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-06 20:42 --------- d-------- C:\Program Files\LogMeIn
2007-09-06 17:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-09-03 08:57 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\LimeWire
2007-09-01 19:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-29 17:19 --------- d-------- C:\Program Files\Piano Suite
2007-08-23 13:18 --------- d-------- C:\Program Files\MSN Messenger
2007-08-23 07:20 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-23 07:20 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-17 18:38 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\Lavasoft
2007-08-16 16:33 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-08-14 19:40 --------- d-------- C:\Program Files\Miuchiz
2007-07-31 08:46 --------- d-------- C:\Program Files\MGA Games
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-24 18:24 --------- d-------- C:\Program Files\CardRecovery
2007-07-19 03:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 20:39 --------- d-------- C:\DOCUME~1\Keigan\APPLIC~1\BitTorrent
2007-07-12 20:36 --------- d-------- C:\DOCUME~1\Keigan\APPLIC~1\Lavasoft
2007-07-12 20:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 22:22 --------- d-------- C:\Program Files\HASBRO Interactive
2007-07-11 22:21 --------- d-------- C:\Program Files\Easy Internet signup
2007-07-11 22:20 --------- d-------- C:\Program Files\Palm
2007-07-11 22:18 --------- d-------- C:\Program Files\Maximizer
2007-07-11 22:18 --------- d-------- C:\Program Files\Common Files\Maximizer
2007-07-11 21:53 --------- d-------- C:\DOCUME~1\Robin\APPLIC~1\BitTorrent
2007-06-27 11:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 11:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 11:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 11:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 11:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 11:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 11:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 11:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 11:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 11:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 11:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 11:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 11:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 11:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 11:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 11:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 11:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 11:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 11:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 11:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 05:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 05:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 05:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 04:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 07:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 07:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2007-02-02 20:59 190 --a------ C:\Program Files\Common Files\psasetup.log


((((((((((((((((((((((((((((( snapshot_2007-09-04_204814.64 )))))))))))))))))))))))))))))))))))))))))

-c----w 315,904 2006-11-01 22:31:34 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w 213,216 2005-06-28 13:23:26 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 13:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
----a-w 317,440 2007-06-27 01:10:26 C:\WINDOWS\inf\unregmp2.exe
----a-w 13,536 2005-06-28 13:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
----a-w 213,216 2005-06-28 13:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
----a-w 317,440 2007-06-27 01:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
----a-w 716,000 2005-06-28 13:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
----a-w 371,424 2005-06-28 13:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll

----a-w 315,904 2006-11-01 22:31:34 C:\WINDOWS\inf\unregmp2.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-10 05:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-25 22:14]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-08-24 17:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Adobe Reader Speed Launch.lnk.disabled [2005-10-18 23:18:46]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2007-01-09 00:07:09]
Microsoft Office.lnk.disabled [2005-11-14 10:42:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"PCDrProfiler"=
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
R1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 ScFBPNT3;CanoScan FBP3 Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT3.SYS
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys
S2 Ca50xav;Icatch(V) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca50xav.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys
S3 USBCamera;Icatch(V) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk50x.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 21:31:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-06 21:32:11
C:\ComboFix-quarantined-files.txt ... 2007-09-06 21:31
C:\ComboFix2.txt ... 2007-09-04 20:49

--- E O F ---

And HijackThis log after I reboot, because I don't have a 'start' button any more! ;)

#11 Robin66
  • Topic Starter
  • Members
  • 10 posts

Posted 05 September 2007 - 08:01 PM

...and here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:50 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Robin\My Documents\Download\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifilm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar7.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar7.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10360 bytes

Thanks
Robin
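The HijackThis log above is free text, which makes it tedious to compare one scan against the next or to pull out the files that run at logon. The parser below is an added example for this thread, not HijackThis code and not anything the posters wrote; it turns the R/O entry lines into records, counts them per section, and lists the binaries behind the O4, O20 and O23 entries (the list a responder would verify against the vendor paths shown in the log). The sample input is a constructed excerpt of the log posted above; the function and class names are my own.

```python
"""Parse HijackThis v2 log entries into structured records.

Added example for this thread; it is not HijackThis code or anything the
posters wrote, and the sample below is an excerpt of the log posted above.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifilm.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
--
End of file - 10360 bytes
"""

@dataclass
class HjtEntry:
    section: str        # R0/R1/O2/O4/O16/O20/O23 ...
    kind: str           # "BHO", "HKLM\..\Run", "Service", "Start Page", ...
    name: str           # display name (for R entries: the registry key)
    target: str         # file path, command line or URL the entry points at
    clsid: str = ""     # {GUID} when the entry carries one
    extra: str = ""     # O23: company string reported for the service

_HEAD = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# First token of a command line: a quoted path, or an unquoted path up to its extension.
_BIN = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|sys|scr|cpl))(?:\s|$)', re.IGNORECASE)

def parse_hjt_line(line: str) -> HjtEntry | None:
    """One log line -> HjtEntry, or None for banner, process-list and trailer lines."""
    m = _HEAD.match(line.strip())
    if not m:
        return None
    sec, body = m.groups()
    if sec.startswith("R"):           # R0 - HKCU\...\Main,Start Page = http://...
        key, _, rest = body.partition(",")
        value, _, url = rest.partition(" = ")
        return HjtEntry(sec, value.strip(), key.strip(), url.strip())
    if sec == "O4":                   # HKLM\..\Run: [Name] "cmd" args  |  Global Startup: X.lnk = path
        m4 = re.match(r"^(.*?): \[(.*?)\] (.*)$", body)
        if m4:
            return HjtEntry(sec, m4.group(1), m4.group(2), m4.group(3).strip())
        where, _, rest = body.partition(": ")
        name, _, target = rest.partition(" = ")
        return HjtEntry(sec, where, name.strip(), target.strip())
    if sec == "O23":                  # Service: Display (short) - Company - C:\path\svc.exe
        _, _, rest = body.partition(": ")
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            return HjtEntry(sec, "Service", parts[0].strip(), parts[2].strip(), extra=parts[1].strip())
        return HjtEntry(sec, "Service", rest.strip(), "")
    # Everything else: "<kind>: <name> [- {CLSID}] - <path or URL>". A path that itself
    # contains " - " would be split wrongly; none in this log does.
    kind, _, rest = body.partition(": ")
    parts = rest.split(" - ")
    cm = _CLSID.search(body)
    name = _CLSID.sub("", parts[0]).strip()
    if name.startswith("(") and name.endswith(")") and name != "(no name)":
        name = name[1:-1]             # O16 prints the control name in parentheses
    target = parts[-1].strip() if len(parts) > 1 else ""
    return HjtEntry(sec, kind, name or "(no name)", target, cm.group(0) if cm else "")

def parse_hjt_log(text: str) -> list[HjtEntry]:
    return [e for e in (parse_hjt_line(l) for l in text.splitlines()) if e is not None]

def count_by_section(entries: list[HjtEntry]) -> dict[str, int]:
    return dict(Counter(e.section for e in entries))

def binary_of(command: str) -> str:
    """Strip quotes and arguments from an O4-style command line, leaving the executable path."""
    m = _BIN.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def autostart_binaries(entries: list[HjtEntry]) -> list[str]:
    """Unique files launched at boot/logon (O4 Run, O20 Winlogon Notify, O23 services)."""
    files = {binary_of(e.target) for e in entries
             if e.section in ("O4", "O20", "O23") and e.target}
    return sorted(files)
```

Running `autostart_binaries(parse_hjt_log(SAMPLE_LOG))` on the excerpt yields the five executables and DLLs named in those O4/O20/O23 lines, with the `-osboot` argument and surrounding quotes removed; the same call over a full log gives the set of files to check against their expected publisher locations.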

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 06 September 2007 - 06:30 AM

I don't have a 'start' button any more!

Try this:
Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg, to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamsMRU]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoToolbarsOnTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"
"BarSize"=-


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"**del.NoMovingBands"=" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"**del.NoSaveSettings"=" "

Is your Start button back now or not, please?
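What merging the fix.reg above actually changes, as an added example (not part of the helper's instructions): a small REGEDIT4 parser that lists the keys the script deletes, the values it sets and the values it removes, plus two checks a responder would want before merging a .reg file from a forum: that the Winlogon "Shell" value is set back to Explorer.exe (the default shell, which is what draws the taskbar and Start button), and which Policies\Explorer restrictions are reset to 0. The embedded script is a shortened excerpt of the posted fix.reg with the repeated Policies\Explorer blocks collapsed into one; the class and function names are my own.

```python
"""Parse a REGEDIT4 .reg script and summarise what merging it would change.

Added example for this thread, not part of the helper's instructions. The
embedded script is a shortened excerpt of the fix.reg posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
MEDIA_BAND = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}"

FIX_REG_EXCERPT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamsMRU]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoToolbarsOnTaskbar"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"
"BarSize"=-
'''

@dataclass
class RegOp:
    key: str
    action: str          # create_key | delete_key | set_value | delete_value
    name: str = ""       # value name; "@" is the key's default value
    kind: str = ""       # string | dword | raw
    data: object = None  # str for string/raw, int for dword

# "Name"=data   or   @=data   (a quoted name may contain escaped quotes)
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_reg(text: str) -> list[RegOp]:
    ops: list[RegOp] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.upper().startswith("REGEDIT4") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):            # [-key] removes the whole key
                ops.append(RegOp(body[1:], "delete_key"))
                key = None
            else:                               # [key] creates it if missing
                key = body
                ops.append(RegOp(key, "create_key"))
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unexpected line: {raw!r}")
        name = m.group(1) if m.group(1) is not None else "@"
        data = m.group(2).strip()
        if data == "-":                         # "Name"=- removes the value
            ops.append(RegOp(key, "delete_value", name))
        elif data.lower().startswith("dword:"):
            ops.append(RegOp(key, "set_value", name, "dword", int(data[6:], 16)))
        elif data.startswith('"') and data.endswith('"'):
            s = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            ops.append(RegOp(key, "set_value", name, "string", s))
        else:                                   # hex:, hex(2): etc. are kept verbatim
            ops.append(RegOp(key, "set_value", name, "raw", data))
    return ops

def deleted_keys(ops: list[RegOp]) -> list[str]:
    return [o.key for o in ops if o.action == "delete_key"]

def deleted_values(ops: list[RegOp]) -> list[tuple[str, str]]:
    return [(o.key, o.name) for o in ops if o.action == "delete_value"]

def set_values(ops: list[RegOp]) -> dict[tuple[str, str], object]:
    return {(o.key, o.name): o.data for o in ops if o.action == "set_value"}

def shell_is_explorer(ops: list[RegOp]) -> bool:
    """True only if the script sets the Winlogon 'Shell' value to Explorer.exe."""
    return str(set_values(ops).get((WINLOGON, "Shell"), "")).lower() == "explorer.exe"

def cleared_explorer_policies(ops: list[RegOp]) -> list[str]:
    """Names under Policies/Explorer that the script resets to 0, i.e. restrictions it lifts."""
    return sorted(n for (k, n), v in set_values(ops).items() if k == POLICIES and v == 0)
```

For the excerpt, `deleted_keys` returns the three Explorer subkeys (StuckRects2, Streams, StreamsMRU, which hold the saved taskbar and window layout), `shell_is_explorer` is True, and `cleared_explorer_policies` lists the five Explorer restrictions the script resets. Reading a script this way before merging it is a quick sanity check that it only touches the keys the helper said it would.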

#13 Robin66

Robin66
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 08 September 2007 - 12:16 PM

My Start button came back fine. The date on the PC was ahead by one day though. I just fixed that.

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 08 September 2007 - 01:40 PM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Deljob.exe
logit.txt
fix.reg
Combofix.exe

C:\Qoobox
C:\VundoFix Backups

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#15 Robin66

Robin66
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 10 September 2007 - 07:00 AM

Done and done.

Thanks *again* for all your help Richie.



