
Pop-ups from url.cpvfeed and others when I search in Google, Fanfiction


3 replies to this topic

#1 tothefive

tothefive

  • Members
  • 2 posts
  • Gender:Male
  • Local time:03:27 PM

Posted 10 September 2007 - 08:34 PM

Hi! I've just registered here to ask for assistance with this problem.
I never used to get this type of problem until one day I used the Google Toolbar search bar in Internet Explorer. After that, I've been receiving pop-ups from url.cpvfeed and others. This also happens when I search on Fanfiction, Yahoo and other search sites, though it never happens in Firefox or Opera, only Internet Explorer. Please help me remove this parasite before I die :thumbsup:
Here's my log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:52 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\Program Files\sQusi\sQusi Tracking Blocker\sQusiBasicApp.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\new\My Documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\04DwvRn4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: MPXPTray.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Startup: sQusi Tracking Blocker.lnk = C:\Program Files\sQusi\sQusi Tracking Blocker\sQusiBasicApp.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188342131926
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA0386A-3CA7-4E64-BFBB-FCF40A882DA9}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: sQusiStub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - http://mail.cwjamaica.com/SkinFiles/cwjama...t/bgrdmenus.gif

--
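An added triage example, not part of the thread and not code from HijackThis, ComboFix or BleepingComputer: a short Python script that parses the HijackThis O2/O4/O20 lines and the ComboFix "Scheduled Tasks" section of the kind posted in this thread and lists the load points whose file name looks machine-generated. The test it uses is a heuristic: an 8-character alphanumeric name that switches between digits, upper-case and lower-case letters at least three times, which separates names like 04DwvRn4 and 304muTQ4 from legitimate 8-character names in the same log such as pxcpyi64 and dpuGUI11. The sample lines are copied from the logs above; the regular expressions, the threshold of three class switches and all function names are this example's own assumptions.

```python
"""Added triage helper for HijackThis / ComboFix text logs (example code, not a
BleepingComputer, HijackThis or ComboFix tool).  Flags are hints for review, not verdicts."""
import re
from collections import defaultdict

# Line formats taken from the HijackThis logs in this thread.
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O20 = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
# ComboFix 'Scheduled Tasks' section: a quoted job line, optionally followed by "- <target>".
CF_JOB = re.compile(r'^"(?P<when>[\d-]+ [\d:]+) (?P<job>C:\\WINDOWS\\Tasks\\[^"]+\.job)"$')
CF_TARGET = re.compile(r"^- (?P<path>.+)$")

def basename(path):
    return path.rstrip().split("\\")[-1]

def exe_from_cmd(cmd):
    """Executable from a Run-key command, with surrounding quotes and arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]

def class_transitions(s):
    """Number of adjacent character pairs that change class (digit / upper / lower)."""
    def cls(ch):
        return "d" if ch.isdigit() else ("u" if ch.isupper() else "l")
    return sum(1 for a, b in zip(s, s[1:]) if cls(a) != cls(b))

def looks_random(path, min_transitions=3):
    """Heuristic (assumed threshold): an 8-character alphanumeric stem containing digits
    that changes class >= min_transitions times.  04DwvRn4 scores 5, pxcpyi64 scores 1."""
    s = basename(path).rsplit(".", 1)[0]
    return (len(s) == 8 and s.isalnum() and any(c.isdigit() for c in s)
            and class_transitions(s) >= min_transitions)

def parse_hjt(text):
    """(section, name, target) for each O2 BHO, O4 Run-key and O20 AppInit_DLLs line."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if (m := HJT_O2.match(line)):
            out.append(("O2", m["name"], m["path"]))
        elif (m := HJT_O4.match(line)):
            out.append(("O4", m["name"], exe_from_cmd(m["cmd"])))
        elif (m := HJT_O20.match(line)):
            out.append(("O20", "AppInit_DLLs", m["dlls"]))
    return out

def parse_combofix_tasks(text):
    """Map each scheduled-task target executable to the .job files that launch it."""
    by_target, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if (m := CF_JOB.match(line)):
            current = basename(m["job"])
        elif current and (m := CF_TARGET.match(line)):
            by_target[m["path"]].append(current)
            current = None
    return dict(by_target)

def triage(hjt_text, cf_text):
    """Load points whose file name looks machine-generated, plus every AppInit_DLLs
    entry (those DLLs are injected into each process that loads user32.dll)."""
    suspicious, appinit = [], []
    for section, name, target in parse_hjt(hjt_text):
        if section == "O20":
            appinit.append(target)
        elif looks_random(target):
            suspicious.append((section, name, target))
    by_target = parse_combofix_tasks(cf_text)
    for target, jobs in by_target.items():
        if looks_random(target):
            suspicious.append(("Task", "launched by " + ", ".join(jobs), target))
    return {"suspicious": suspicious, "appinit": appinit,
            "task_counts": {t: len(j) for t, j in by_target.items()}}

# Constructed sample: a few lines copied from the logs posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\04DwvRn4.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - AppInit_DLLs: sQusiStub.dll
"""
SAMPLE_CF = r"""
"2007-08-29 13:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-01 14:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-10 04:00:00 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-10 05:00:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-18 19:21:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"""

if __name__ == "__main__":
    for section, name, target in triage(SAMPLE_HJT, SAMPLE_CF)["suspicious"]:
        print(f"{section:5} {target}  ({name})")
```

Everything the script reports is a candidate for a manual look, not a verdict: the length test misses random names that are not 8 characters long, and a name-mangling scheme with fewer case changes would slip under the threshold. What makes the candidates worth attention in this thread is the corroboration visible in the logs themselves, namely that 04DwvRn4.dll and 3eju4r27.dll both appear in ComboFix's "Files Created" listing within days of the symptoms starting, and that dozens of hourly At*.job tasks point at the same three executables in system32. The AppInit_DLLs entry is listed separately rather than scored because that key injects the DLL into every process that loads user32.dll, so it deserves a look regardless of the file name; here the log attributes sQusiStub.dll to the installed sQusi Tracking Blocker.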

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:08:27 PM

Posted 11 September 2007 - 05:09 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, tothefive :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download ComboFix and save it to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt in your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log, please.

#3 tothefive

tothefive
  • Topic Starter

  • Members
  • 2 posts
  • Gender:Male
  • Local time:03:27 PM

Posted 17 September 2007 - 05:46 PM

Here are the log files:
ComboFix 07-09-18 - "new" 2007-09-18 15:31:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.

2007-09-11 20:01 2,288 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-11 20:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-11 20:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-11 20:00 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-11 20:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-10 14:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-10 14:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-10 13:30 <DIR> d-------- C:\VundoFix Backups
2007-09-09 23:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-08 18:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 02:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-08 01:10 <DIR> d-------- C:\Program Files\Opera
2007-09-07 20:35 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-07 18:33 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\WinPatrol
2007-09-07 18:32 <DIR> d-------- C:\Program Files\BillP Studios
2007-09-07 17:41 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-09-07 17:40 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-09-07 17:39 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\SiteAdvisor
2007-09-07 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-09-07 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-07 16:55 184,320 --a------ C:\WINDOWS\system32\04DwvRn4.dll
2007-09-07 02:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
2007-09-06 22:08 <DIR> d-------- C:\EasyBoot
2007-09-06 13:26 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\AVSMedia
2007-09-05 20:22 184,320 --a------ C:\WINDOWS\system32\3eju4r27.dll
2007-09-04 12:28 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-09-04 12:28 <DIR> d-------- C:\Program Files\ffdshow
2007-09-03 11:47 <DIR> d-------- C:\Program Files\Xvid
2007-09-03 11:46 <DIR> d-------- C:\Program Files\AVI Codec Pack
2007-09-03 11:46 <DIR> d-------- C:\Program Files\3ivx
2007-09-03 11:42 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-09-03 01:39 <DIR> d-------- C:\Program Files\Comical
2007-08-29 16:10 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\GRETECH
2007-08-29 16:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
2007-08-29 16:07 <DIR> d-------- C:\Program Files\GRETECH
2007-08-29 01:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-29 01:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-28 18:54 <DIR> d-------- C:\Program Files\Windows Defender
2007-08-28 18:13 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-28 13:54 <DIR> d-------- C:\Program Files\uharcgui
2007-08-28 13:18 203,776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-08-28 00:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-08-28 00:47 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\Azureus
2007-08-28 00:23 <DIR> d-------- C:\Program Files\Azureus
2007-08-28 00:13 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\Media Player Classic
2007-08-27 23:45 <DIR> d-------- C:\Program Files\Gabest
2007-08-27 23:30 <DIR> d-------- C:\WINDOWS\exefnd
2007-08-27 18:04 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\Google
2007-08-27 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-27 18:00 <DIR> d-------- C:\Program Files\Google
2007-08-27 17:22 <DIR> d-------- C:\Program Files\Total Video Converter
2007-08-27 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
2007-08-27 16:57 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\Real
2007-08-26 22:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-08-26 22:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-08-26 18:06 <DIR> d-------- C:\Program Files\sQusi
2007-08-26 18:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sQusi
2007-08-26 16:58 <DIR> d-------- C:\Program Files\UltraISO
2007-08-26 16:58 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2007-08-26 01:28 <DIR> d-------- C:\Program Files\AusLogics BoostSpeed
2007-08-25 23:39 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-25 20:55 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-08-25 20:53 <DIR> d-------- C:\Program Files\Common Files\Real
2007-08-25 20:52 <DIR> d-------- C:\Program Files\Real
2007-08-25 14:00 <DIR> d-------- C:\Program Files\Shareaza
2007-08-25 14:00 <DIR> d-------- C:\DOCUME~1\new\APPLIC~1\Shareaza

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 15:39 --------- d-------- C:\DOCUME~1\new\APPLIC~1\uTorrent
2007-09-18 15:28 --------- d-------- C:\DOCUME~1\new\APPLIC~1\DMCache
2007-09-18 15:23 --------- d-------- C:\Program Files\eMule
2007-09-18 15:19 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-10 00:45 --------- d-------- C:\Program Files\Zoom Player
2007-09-09 19:43 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-08 08:01 --------- d-------- C:\Program Files\Crawler
2007-09-08 01:11 --------- d-------- C:\DOCUME~1\new\APPLIC~1\Opera
2007-09-08 01:08 --------- d-------- C:\Program Files\BitLord
2007-09-07 17:32 --------- d-------- C:\Program Files\Common Files\AVSMedia
2007-09-05 15:17 --------- d-------- C:\Program Files\DivX
2007-08-31 13:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-08-30 02:41 37270 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-08-29 12:41 --------- d-------- C:\Program Files\uTorrent
2007-08-28 16:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-28 16:44 --------- d-------- C:\Program Files\CyberLink
2007-08-28 16:44 --------- d-------- C:\DOCUME~1\new\APPLIC~1\CyberLink
2007-08-26 14:45 --------- d-------- C:\Program Files\LimeWire
2007-08-25 02:39 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-24 23:52 --------- d-------- C:\Program Files\Internet Download Manager
2007-08-15 22:28 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-15 18:50 --------- d-------- C:\DOCUME~1\new\APPLIC~1\GoldWaveCDDB
2007-08-15 18:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GoldWaveCDDB
2007-08-15 18:41 --------- d-------- C:\Program Files\GoldWave
2007-08-14 02:47 --------- d-------- C:\DOCUME~1\new\APPLIC~1\Vso
2007-08-13 01:39 --------- d-------- C:\DOCUME~1\new\APPLIC~1\Pegasys Inc
2007-08-12 21:47 --------- d-------- C:\Program Files\Pegasys Inc
2007-08-08 02:50 --------- d-------- C:\Program Files\Quick Screen Recorder
2007-08-08 02:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-08-07 18:47 --------- d-------- C:\Program Files\Easy Screensaver Maker 1.2
2007-08-06 20:53 --------- d-------- C:\Program Files\directx
2007-08-05 18:06 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-02 21:33 --------- d-------- C:\Program Files\Easiestutils
2007-08-02 19:15 --------- d-------- C:\Program Files\Smallvideosoft
2007-07-31 23:40 --------- d-------- C:\Program Files\DVDFab Platinum 3
2007-07-31 21:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2007-07-31 20:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
2007-07-31 19:57 737280 --a--c--- C:\WINDOWS\iun6002.exe
2007-07-31 18:20 --------- d-------- C:\Program Files\ImTOO
2007-07-31 16:52 --------- d-------- C:\Program Files\VSO
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 22:01 5585 --a------ C:\debug.fz10.reg
2007-07-27 20:31 --------- d-------- C:\DOCUME~1\new\APPLIC~1\IDM
2007-07-27 18:31 225280 --a------ C:\WINDOWS\system32\sQusiStub.dll
2007-07-27 13:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TechSmith
2007-07-27 13:47 --------- d-------- C:\Program Files\TechSmith
2007-07-26 19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 19:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 19:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 19:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 19:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 19:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 19:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 19:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 19:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-24 02:03 --------- d-------- C:\Program Files\DScaler5
2007-07-24 02:03 --------- d-------- C:\Program Files\CD Audio Reader Filter
2007-07-24 02:02 --------- d-------- C:\Program Files\RealMedia
2007-07-24 02:02 --------- d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-07-24 01:59 --------- d-------- C:\Program Files\SHOUTcast Source
2007-07-24 01:59 --------- d-------- C:\Program Files\Haali
2007-07-19 23:05 --------- d-------- C:\Program Files\InterVideo
2007-07-19 23:05 --------- d-------- C:\Program Files\Common Files\InterVideo
2007-07-19 19:54 --------- d-------- C:\Program Files\QuickTime
2007-07-19 19:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-19 19:39 --------- d-------- C:\Program Files\Windows Media Components
2007-07-16 22:41 94080 --a--c--- C:\DOCUME~1\new\APPLIC~1\ezplay.sys
2007-07-16 22:41 81920 --a------ C:\DOCUME~1\new\APPLIC~1\ezpinst.exe
2007-07-16 22:37 47360 --a--c--- C:\DOCUME~1\new\APPLIC~1\pcouffin.sys
2007-07-13 12:05 14336 --a------ C:\WINDOWS\system32\svchost.exe
2007-07-12 18:18 50520 --a------ C:\WINDOWS\system32\csvidcap.dll
2007-07-12 04:54 107864 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-07-12 03:22 81920 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-06-19 09:22 202424 --a------ C:\WINDOWS\system32\idmmbc.dll
1997-10-24 13:20 25088 --a--c--- C:\WINDOWS\inf\regl3acm.exe
2007-06-15 22:50:30 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-09_190700.37 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 163,328 2007-09-05 15:43:25 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 11,329,536 2007-09-11 21:43:10 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 245,760 2007-09-11 21:43:10 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-09-05 15:43:25 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 11,280,384 2007-09-10 03:16:30 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 245,760 2007-09-10 03:16:30 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
----a-w 213,048 2005-05-24 15:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-09-07 16:55 184320 --a------ C:\WINDOWS\system32\04DwvRn4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="soundman.exe" [2001-05-29 05:02 C:\WINDOWS\soundman.exe]
"WMC_AutoUpdate"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-10 14:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-06 18:23]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-02 12:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-07-13 13:11]

C:\DOCUME~1\new\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 18:07:08]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-07-06 10:32:55]
MPXPTray.lnk - C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe [2007-06-05 20:43:23]
sQusi Tracking Blocker.lnk - C:\Program Files\sQusi\sQusi Tracking Blocker\sQusiBasicApp.exe [2007-07-27 18:32:02]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-11-24 06:34:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sQusiStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxlock]
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.00\dxlock.exe

R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Contents of the 'Scheduled Tasks' folder
"2007-08-29 13:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-01 14:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-08 15:00:01 C:\WINDOWS\Tasks\At12.job"
"2007-09-18 16:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-09-08 17:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-09-10 18:00:00 C:\WINDOWS\Tasks\At15.job"
"2007-09-10 19:00:11 C:\WINDOWS\Tasks\At16.job"
"2007-09-10 20:00:03 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 21:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-11 22:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 05:00:00 C:\WINDOWS\Tasks\At2.job"
"2007-09-11 23:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-12 00:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-12 01:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 02:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 03:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 04:00:00 C:\WINDOWS\Tasks\At25.job"
"2007-09-10 05:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-08 07:00:03 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-08-05 18:34:20 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-08-05 18:34:20 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-08-05 18:34:20 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-08-05 18:34:20 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-08-05 18:34:20 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-08-29 13:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-01 14:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-08 15:00:02 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-18 16:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-08 17:00:00 C:\WINDOWS\Tasks\At38.job"
"2007-09-10 18:00:01 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-08 07:00:05 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 19:00:16 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-10 20:00:04 C:\WINDOWS\Tasks\At41.job"
"2007-09-10 21:00:02 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-11 22:00:00 C:\WINDOWS\Tasks\At43.job"
"2007-09-11 23:00:00 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-12 00:00:01 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-12 01:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-10 02:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-09-10 03:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\N20B2I1x.exe
"2007-08-03 08:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-07-30 09:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-07-30 10:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 04:00:00 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-10 05:00:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-10 06:00:00 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-08 07:00:05 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-08-29 04:36:57 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-08-29 04:36:57 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-08-29 04:36:57 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-07-30 11:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-08-29 04:36:57 C:\WINDOWS\Tasks\At80.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-08-29 04:36:57 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-08-29 13:01:03 C:\WINDOWS\Tasks\At82.job"
"2007-09-01 14:01:04 C:\WINDOWS\Tasks\At83.job"
"2007-09-08 15:00:03 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-18 16:00:01 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-08 17:00:00 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-10 18:00:01 C:\WINDOWS\Tasks\At87.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-10 19:00:17 C:\WINDOWS\Tasks\At88.job"
"2007-09-10 20:00:04 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-08-03 12:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\304muTQ4.exe
"2007-09-10 21:00:02 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-11 22:00:00 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-11 23:00:00 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-12 00:00:01 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-12 01:00:00 C:\WINDOWS\Tasks\At94.job"
"2007-09-10 02:00:00 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-10 03:00:00 C:\WINDOWS\Tasks\At96.job"
"2007-09-18 19:21:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-11 22:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2007-09-18 19:18:13 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-09-06 07:00:28 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-09-04 21:47:14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-16 18:17:19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-07-17 16:00:16 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 15:38:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-18 15:42:56
C:\ComboFix-quarantined-files.txt ... 2007-09-18 15:42
C:\ComboFix2.txt ... 2007-09-09 19:10
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:45 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
C:\Program Files\sQusi\sQusi Tracking Blocker\sQusiBasicApp.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\new\My Documents\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\04DwvRn4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: MPXPTray.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe
O4 - Startup: sQusi Tracking Blocker.lnk = C:\Program Files\sQusi\sQusi Tracking Blocker\sQusiBasicApp.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188342131926
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BA0386A-3CA7-4E64-BFBB-FCF40A882DA9}: NameServer = 10.0.0.138
O20 - AppInit_DLLs: sQusiStub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - http://mail.cwjamaica.com/SkinFiles/cwjama...t/bgrdmenus.gif

--

#4 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 17 September 2007 - 05:58 PM

Click Start/Run, type CMD, then press Ok.
At the command prompt, copy and paste the following command, then press Enter:
DEL C:\WINDOWS\Tasks\At*.job

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\3eju4r27.dll
C:\WINDOWS\system32\04DwvRn4.dll


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\04DwvRn4.dll
Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished, it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.


Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

Also post a new HijackThis log, and let me know how your PC is running now.
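The triage RichieUK does by eye above (spotting the random-named DLL behind the WebAssist BHO and the At*.job tasks that launch an equally random-named executable from system32) can be scripted for the next log. The following is an added example, not part of the original thread and not code from HijackThis, ComboFix or OTMoveIt. It parses constructed excerpts copied from the logs in this thread; the naming heuristic (an eight-character alphanumeric name that mixes letters and digits) is an assumption drawn from the two file names seen here, and a real triage would combine it with a publisher/hash lookup rather than rely on it alone.

```python
import re

# Constructed excerpts in the HijackThis and ComboFix formats seen in this
# thread; the entries are copied from the logs above, not captured live.
SAMPLE_HJT_LOG = r'''
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\04DwvRn4.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: sQusiStub.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
'''

SAMPLE_TASKS = r'''
"2007-09-12 00:00:01 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\AsFUj1Fw.exe
"2007-09-12 01:00:00 C:\WINDOWS\Tasks\At94.job"
"2007-09-18 19:21:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
'''

# A Windows path ending in a loadable module; lazy match stops at the first extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|ocx|scr)\b', re.IGNORECASE)
# Tasks created by the AT command are named At<n>.job.
AT_JOB_RE = re.compile(r'\\At\d+\.job$', re.IGNORECASE)
# Sections whose entries load code at logon or in every process.
AUTOSTART_SECTIONS = {'O2', 'O4', 'O20', 'O23'}


def looks_generated(stem: str) -> bool:
    """Assumed heuristic: 8 alphanumeric characters mixing letters and digits
    (04DwvRn4, AsFUj1Fw). Legitimate 8-char names such as MpCmdRun have no digits."""
    return (re.fullmatch(r'[A-Za-z0-9]{8}', stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def in_system32(path: str) -> bool:
    return path.lower().startswith('c:\\windows\\system32\\')


def stem_of(path: str) -> str:
    """'C:\\WINDOWS\\system32\\04DwvRn4.dll' -> '04DwvRn4'"""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]


def flag_hjt_lines(log: str) -> list[tuple[str, str]]:
    """Return (section, path) for autostart entries that load a
    random-looking module out of system32."""
    hits = []
    for line in log.splitlines():
        section = line.split(' - ', 1)[0]
        if section not in AUTOSTART_SECTIONS:
            continue
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            if in_system32(path) and looks_generated(stem_of(path)):
                hits.append((section, path))
    return hits


def flag_scheduled_tasks(listing: str) -> list[tuple[str, str, str]]:
    """Pair each '.job' line of a ComboFix-style task listing with the target on
    the following '- <path>' line and report At<n>.job tasks that either point at
    a random-looking system32 executable or have no target recorded."""
    hits = []
    lines = listing.splitlines()
    for i, line in enumerate(lines):
        if not line.strip().endswith('.job"'):
            continue
        job = line.strip().strip('"')
        if not AT_JOB_RE.search(job):
            continue
        target = ''
        if i + 1 < len(lines) and lines[i + 1].startswith('- '):
            target = lines[i + 1][2:].strip()
        job_name = job.rsplit('\\', 1)[-1]
        if not target:
            hits.append((job_name, target, 'no target recorded'))
        elif in_system32(target) and looks_generated(stem_of(target)):
            hits.append((job_name, target, 'random-looking target in system32'))
    return hits


if __name__ == '__main__':
    for section, path in flag_hjt_lines(SAMPLE_HJT_LOG):
        print(f'{section}: {path}')
    for job, target, reason in flag_scheduled_tasks(SAMPLE_TASKS):
        print(f'{job} -> {target or "(none)"}: {reason}')
```

Run against the constructed excerpts it reports only the WebAssist BHO DLL and the At93/At94 jobs, leaving the IDM, Symantec, ctfmon and Windows Defender entries alone; swapping in a full HijackThis log and the ComboFix task block gives the same short list a helper would otherwise have to pick out by hand.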



