Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Just Cant Get Rid Of This!


  • Please log in to reply
18 replies to this topic

#1 voodoonirvana

voodoonirvana

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 07 October 2007 - 02:43 PM

Theres this circle with an exclamation mark in my system tray saying im infected and giving me popups and all that. I can't get rid of it at all and I think it kind of branches out into a whole bunch of spread out files, at least thats what it looks like to me, I dont know. Heres my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:44 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hpshopping.com/cgi-bin/hpdirect...&aoid=26020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{86-6A-A2-23-ZN}] C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmuh.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hffgjavp.dll",sitypnow
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7703 bytes

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:31 PM

Posted 07 October 2007 - 03:22 PM

Welcome to the site! We need to tweak the Hijackthis log before we can start..

Go to the folder where Hijackthis is kept and rename the hijackthis application to "showme".
This can be done by right clicking on the program and clicking "rename".
Press enter, then open "showme.exe" by double clicking.
Post a new Hijackthis log from the newly named application.

#3 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 07 October 2007 - 04:23 PM

Okay I renamed the program and did a new log, here ya go.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:27 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\showme.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hpshopping.com/cgi-bin/hpdirect...&aoid=26020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF7E8C0-868D-43C6-9E09-B94F4513CD89} - C:\WINDOWS\system32\iifffec.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\eqekwoxv.dll
O2 - BHO: (no name) - {EBBA0E57-A9B7-4601-970B-F222BE72776D} - C:\WINDOWS\system32\ddaby.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{86-6A-A2-23-ZN}] C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmuh.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hffgjavp.dll",sitypnow
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O20 - Winlogon Notify: iifffec - C:\WINDOWS\SYSTEM32\iifffec.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8531 bytes

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:31 PM

Posted 07 October 2007 - 04:48 PM

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button".

#5 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 07 October 2007 - 06:06 PM

Heres the VundoFix log. I had to reboot and it ran again to try and delete two it coudnt before, I think it worked. But I don't know if those were my problems because the icon is still there and I'm still getting popups.


VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 6:32:24 PM 10/7/2007

Listing files found while scanning....

C:\windows\system32\drvmuhr.dll
C:\WINDOWS\system32\eqekwoxv.dll
C:\WINDOWS\system32\hffgjavp.dll
C:\WINDOWS\system32\pvajgffh.ini

Beginning removal...

Attempting to delete C:\windows\system32\drvmuhr.dll
C:\windows\system32\drvmuhr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eqekwoxv.dll
C:\WINDOWS\system32\eqekwoxv.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hffgjavp.dll
C:\WINDOWS\system32\hffgjavp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pvajgffh.ini
C:\WINDOWS\system32\pvajgffh.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eqekwoxv.dll
C:\WINDOWS\system32\eqekwoxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hffgjavp.dll
C:\WINDOWS\system32\hffgjavp.dll Has been deleted!

Performing Repairs to the registry.
Done!


And heres the new HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:16 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HiJackThis\showme.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hpshopping.com/cgi-bin/hpdirect...&aoid=26020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF7E8C0-868D-43C6-9E09-B94F4513CD89} - C:\WINDOWS\system32\iifffec.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\voulobxr.dll
O2 - BHO: (no name) - {E59197FC-605B-46E2-A56F-16F824394659} - C:\WINDOWS\system32\ddaby.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{86-6A-A2-23-ZN}] C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmuh.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O20 - Winlogon Notify: iifffec - C:\WINDOWS\SYSTEM32\iifffec.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8472 bytes



Also, when I reboot, AVG tells me I have something effecting me in my System32 folder so I tell it to delete it but it just acts like it never did anything to it.

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:31 PM

Posted 08 October 2007 - 03:25 AM

Download Combofix to your desktop. !! It is really important that combofix.exe is on your desktop, not somewhere else or not in a folder on your desktop.
Then go to start > run and copy and paste next command in the field:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v iifffec voulobxr ddaby drvmuh winjyp32

Hit enter. This should start the combofix.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

#7 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 08 October 2007 - 09:53 PM

Download Combofix to your desktop. !! It is really important that combofix.exe is on your desktop, not somewhere else or not in a folder on your desktop.
Then go to start > run and copy and paste next command in the field:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v iifffec voulobxr ddaby drvmuh winjyp32

Hit enter. This should start the combofix.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.



I followed what you did and it worked up until it started running lol. The program started, then like 6 windows error reports came up, then after clicking through those it said I need administrative privelages to do it. What do I do?

#8 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 08 October 2007 - 11:33 PM

Nevermind I got it. I had to do it in Safe Mode though for some reason. Heres the ComboFix log:

ComboFix 07-10-09.2 - Sam Torok 2007-10-09 0:22:47.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.775 [GMT -4:00]
Running from: C:\Documents and Settings\Sam Torok\Desktop\combofix.exe
Command switches used :: /v iifffec voulobxr ddaby drvmuh winjyp32
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sam Torok\Start Menu\Programs\StartUp\TA_Start.lnk
C:\Documents and Settings\Sam Torok\Start Menu\Programs\StartUp\ta_start.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\dlngytcx.ini
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nedjpaya.exe
C:\WINDOWS\system32\voulobxr.dll
C:\WINDOWS\system32\winjyp32.dll
C:\WINDOWS\system32\xctygnld.dll
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ybadd.ini
C:\WINDOWS\system32\ybadd.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 00:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 18:36 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-07 18:32 <DIR> d-------- C:\VundoFix Backups
2007-10-05 19:26 <DIR> d-------- C:\!KillBox
2007-10-05 19:14 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-05 19:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-05 19:11 <DIR> d-------- C:\Documents and Settings\Sam Torok\.housecall6.6
2007-10-05 18:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-03 18:45 101,888 --a------ C:\WINDOWS\system32\drvmuh.dll
2007-10-03 18:45 34,816 --a------ C:\WINDOWS\system32\iifffec.dll
2007-09-26 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-09-20 23:46 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-20 23:46 40,832 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-09-20 23:46 21,632 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-09-20 23:42 <DIR> d-------- C:\Program Files\Motorola
2007-09-20 23:42 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-09-20 23:42 37,760 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-09-20 22:03 <DIR> d-------- C:\Program Files\WIBUKEY
2007-09-20 22:03 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2007-09-20 22:03 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-09-20 22:03 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-09-20 22:03 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-09-20 22:03 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-09-20 22:03 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-09-20 21:52 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-09-20 21:40 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-09-20 21:39 <DIR> d-------- C:\Program Files\TI Education
2007-09-20 21:39 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2007-09-20 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-20 21:35 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2007-09-13 15:46 <DIR> d-------- C:\Program Files\Xinox Software
2007-09-12 22:08 <DIR> d-------- C:\Program Files\PackageFactory
2007-09-12 21:59 <DIR> d-------- C:\Program Files\AutoHotkey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 02:21 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\FrostWire
2007-10-05 03:21 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\Lavasoft
2007-09-24 02:32 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\U3
2007-09-21 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 01:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-21 01:54 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-09-21 01:48 25,600 -c--a-w C:\Documents and Settings\Sam Torok\usbsermptxp.sys
2007-09-21 01:48 22,768 -c--a-w C:\Documents and Settings\Sam Torok\usbsermpt.sys
2007-09-18 03:26 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\Image Zone Express
2007-09-08 21:22 --------- d-----w C:\Program Files\ordrumbox
2007-09-07 19:54 --------- d-----w C:\Program Files\Audacity
2007-09-07 01:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-07 00:51 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\JCreator
2007-09-07 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\JCreator
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-27 08:18 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\LimeWire
2007-08-25 19:15 --------- d-----w C:\Program Files\Bradbury
2007-08-21 04:26 --------- d-----w C:\Program Files\Common Files\Vbox
2007-08-21 04:20 --------- d-----w C:\Program Files\Ipswitch
2007-08-20 02:28 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\Ethereal
2007-08-19 18:51 --------- d-----w C:\Program Files\Ethereal
2007-08-19 18:49 --------- d-----w C:\Program Files\WinPcap
2007-08-19 17:28 --------- d-----w C:\Program Files\Encarta Online
2007-08-18 13:28 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-16 21:04 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\AdobeUM
2007-05-31 02:47 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-03-27 17:24 92,064 -c--a-w C:\Documents and Settings\Sam Torok\mqdmmdm.sys
2007-03-27 17:24 9,232 -c--a-w C:\Documents and Settings\Sam Torok\mqdmmdfl.sys
2007-03-27 17:24 79,328 -c--a-w C:\Documents and Settings\Sam Torok\mqdmserd.sys
2007-03-27 17:24 66,656 -c--a-w C:\Documents and Settings\Sam Torok\mqdmbus.sys
2007-03-27 17:24 6,208 -c--a-w C:\Documents and Settings\Sam Torok\mqdmcmnt.sys
2007-03-27 17:24 5,936 -c--a-w C:\Documents and Settings\Sam Torok\mqdmwhnt.sys
2007-03-27 17:24 4,048 -c--a-w C:\Documents and Settings\Sam Torok\mqdmcr.sys
2005-05-13 22:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2007-05-31 03:32:00 88 --sh--r C:\WINDOWS\system32\42DE83773A.sys
2005-07-14 17:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-05-31 03:46:19 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
2005-02-28 18:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CF7E8C0-868D-43C6-9E09-B94F4513CD89}]
2007-10-03 18:45 34816 --a------ C:\WINDOWS\system32\iifffec.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 16:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 16:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 16:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 11:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 13:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"{86-6A-A2-23-ZN}"="C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 01:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-07-05 12:20]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"P2kAutostart"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3CF7E8C0-868D-43C6-9E09-B94F4513CD89}"= C:\WINDOWS\system32\iifffec.dll [2007-10-03 18:45 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffec]
iifffec.dll 2007-10-03 18:45 34816 C:\WINDOWS\system32\iifffec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll

R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a10ae586-f817-11db-8e3a-0014a5d99f19}]
AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 04:25:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-30 18:57:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-01 18:57:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 00:26:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????^??????`?@?????L?@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 0:28:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 00:28
.
--- E O F ---




And heres the new Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:34 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HiJackThis\showme.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hpshopping.com/cgi-bin/hpdirect...&aoid=26020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF7E8C0-868D-43C6-9E09-B94F4513CD89} - C:\WINDOWS\system32\iifffec.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {D66E136E-A0C7-43C8-936B-AFDBC1B38295} - C:\WINDOWS\system32\gebyw.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{86-6A-A2-23-ZN}] C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe P2D002
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O20 - Winlogon Notify: iifffec - C:\WINDOWS\SYSTEM32\iifffec.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8003 bytes



Oh and the icon is finally gone from my tray!! Thankyou!! :D :D

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:31 PM

Posted 09 October 2007 - 02:04 PM

Good work! Let's continue.. :thumbsup:

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hpshopping.com/cgi-bin/hpdirect...&aoid=26020
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3CF7E8C0-868D-43C6-9E09-B94F4513CD89} - C:\WINDOWS\system32\iifffec.dll
O2 - BHO: (no name) - {D66E136E-A0C7-43C8-936B-AFDBC1B38295} - C:\WINDOWS\system32\gebyw.dll
O4 - HKLM\..\Run: [{86-6A-A2-23-ZN}] C:\Documents and Settings\Sam Torok\Local Settings\Temp\TIP2D002.exe P2D002
O20 - Winlogon Notify: iifffec - C:\WINDOWS\SYSTEM32\iifffec.dll

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!),which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\drvmuh.dll
C:\WINDOWS\system32\iifffec.dll
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\gebyw.dll


Open 'file' in the killboxmenu on top and choose Paste from clipboard
You must use the file File menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, let me know if there appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

Close all instances of Internet Explorer .
Go to your control panel and open "Internet Options".
Click on the "General" tab.
Click the "Delete Cookies" button, then the "Delete Files" button.
If prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Reboot again and post a new Hijackthis log for review..

#10 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 10 October 2007 - 12:04 AM

I had an error when I tried to delete the files on reboot. I tried it in safe mode too but got the same thing. It says PendingFileRenameOperations Registry Data has been Romeved by External Process!

#11 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 10 October 2007 - 08:09 PM

Alright nevermind I got them to delete. Heres my new log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19, on 2007-10-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HiJackThis\showme.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {51FF78BC-C7EE-4E24-B252-43035AC949BD} - C:\WINDOWS\system32\gebyw.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7262 bytes

Edited by voodoonirvana, 10 October 2007 - 08:20 PM.


#12 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 11 October 2007 - 02:18 PM

//Mod edit: Merged threads.
Title of this post was " Please Check My Log File, Pop-ups, slower computer, slower internet, all the symptoms"

Voodoonirvan - please keep all posts on this problem within this thread to preclude confusion and to ensure timely responses.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:18, on 2007-10-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\showme.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54CAD0D0-426B-450A-BC1F-60F2AE337F2C} - C:\WINDOWS\system32\gebyw.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\rnnpgusm.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\pkelhukn.dll",sitypnow
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7381 bytes

Edited by KoanYorel, 11 October 2007 - 02:40 PM.
Merged new post with active thread


#13 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:31 PM

Posted 11 October 2007 - 03:05 PM

Ok, as the moderator said, please do not post a new thread... why not post your problems back here?
By starting a new topic, not only does it confuse things, it makes it look as though you feel my help is not adequate..

Basically, you are getting reinfected...when was the last time you updated Avast?
Make sure combofix is still on your desktop, and run the following command:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v pkelhukn rnnpgusm gebyw

Post the combofix and a new Hijackthis log..

#14 voodoonirvana

voodoonirvana
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:31 AM

Posted 11 October 2007 - 03:29 PM

I'm sorry. This is my first time posting here and I wasn't sure if my thread was abandoned or forgotten or what, so sorry about that it wont happen again.

ComboFix Log:

ComboFix 07-10-12.1 - Sam Torok 2007-10-11 4:17:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.488 [GMT -4:00]
Running from: C:\Documents and Settings\Sam Torok\Desktop\combofix.exe
Command switches used :: /v pkelhukn rnnpgusm gebyw
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\nkuhlekp.ini
C:\WINDOWS\system32\noijyljl.exe
C:\WINDOWS\system32\pkelhukn.dll
C:\WINDOWS\system32\rnnpgusm.dll
C:\WINDOWS\system32\tbmlthmj.exe
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-10 15:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-09 20:18 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 00:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 18:32 <DIR> d-------- C:\VundoFix Backups
2007-10-05 19:14 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-05 19:12 <DIR> d-------- C:\Documents and Settings\Sam Torok\Application Data\Grisoft
2007-10-05 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-05 19:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-05 19:11 <DIR> d-------- C:\Documents and Settings\Sam Torok\.housecall6.6
2007-10-05 18:27 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-05 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-26 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-09-20 23:46 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-09-20 23:46 40,832 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-09-20 23:46 21,632 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-09-20 23:42 <DIR> d-------- C:\Program Files\Motorola
2007-09-20 23:42 77,895 --a------ C:\WINDOWS\system32\unibus_tcutil.dll
2007-09-20 23:42 37,760 --a------ C:\WINDOWS\system32\drivers\P2k.sys
2007-09-20 22:03 <DIR> d-------- C:\Program Files\WIBUKEY
2007-09-20 22:03 <DIR> d-------- C:\Program Files\WIBU-SYSTEMS
2007-09-20 22:03 139,264 --a------ C:\WINDOWS\system32\WkWin32.dll
2007-09-20 22:03 67,072 --a------ C:\WINDOWS\system32\drivers\Wibukey.sys
2007-09-20 22:03 57,552 --a------ C:\WINDOWS\system32\WKDOS.EXE
2007-09-20 22:03 52,736 --a------ C:\WINDOWS\system\WkWin.dll
2007-09-20 22:03 29,696 --a------ C:\WINDOWS\system32\drivers\Wibukey2.sys
2007-09-20 21:52 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-09-20 21:40 21,456 --a------ C:\WINDOWS\system32\drivers\SilvrLnk.sys
2007-09-20 21:39 <DIR> d-------- C:\Program Files\TI Education
2007-09-20 21:39 <DIR> d-------- C:\Program Files\Common Files\TI Shared
2007-09-20 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-20 21:35 49,536 -ra------ C:\WINDOWS\system32\drivers\tiehdusb.sys
2007-09-13 16:02 <DIR> d-------- C:\Program Files\Sun
2007-09-13 15:46 <DIR> d-------- C:\Program Files\Xinox Software
2007-09-12 22:08 <DIR> d-------- C:\Program Files\PackageFactory
2007-09-12 21:59 <DIR> d-------- C:\Program Files\AutoHotkey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 02:21 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\FrostWire
2007-10-05 03:21 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\Lavasoft
2007-09-24 02:32 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\U3
2007-09-21 04:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-21 01:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-09-21 01:54 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-09-21 01:48 25,600 -c--a-w C:\Documents and Settings\Sam Torok\usbsermptxp.sys
2007-09-21 01:48 22,768 -c--a-w C:\Documents and Settings\Sam Torok\usbsermpt.sys
2007-09-18 03:26 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\Image Zone Express
2007-09-13 20:02 --------- d-----w C:\Program Files\Java
2007-09-08 21:22 --------- d-----w C:\Program Files\ordrumbox
2007-09-07 19:54 --------- d-----w C:\Program Files\Audacity
2007-09-07 01:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-07 00:51 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\JCreator
2007-09-07 00:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\JCreator
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-27 08:18 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\LimeWire
2007-08-25 19:15 --------- d-----w C:\Program Files\Bradbury
2007-08-21 04:26 --------- d-----w C:\Program Files\Macromedia
2007-08-21 04:26 --------- d-----w C:\Program Files\Common Files\Vbox
2007-08-21 04:20 --------- d-----w C:\Program Files\Ipswitch
2007-08-20 02:28 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\Ethereal
2007-08-19 18:51 --------- d-----w C:\Program Files\Ethereal
2007-08-19 18:49 --------- d-----w C:\Program Files\WinPcap
2007-08-19 17:28 --------- d-----w C:\Program Files\Encarta Online
2007-08-18 13:28 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-16 21:04 --------- d-----w C:\Documents and Settings\Sam Torok\Application Data\AdobeUM
2007-05-31 02:47 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-03-27 17:24 92,064 -c--a-w C:\Documents and Settings\Sam Torok\mqdmmdm.sys
2007-03-27 17:24 9,232 -c--a-w C:\Documents and Settings\Sam Torok\mqdmmdfl.sys
2007-03-27 17:24 79,328 -c--a-w C:\Documents and Settings\Sam Torok\mqdmserd.sys
2007-03-27 17:24 66,656 -c--a-w C:\Documents and Settings\Sam Torok\mqdmbus.sys
2007-03-27 17:24 6,208 -c--a-w C:\Documents and Settings\Sam Torok\mqdmcmnt.sys
2007-03-27 17:24 5,936 -c--a-w C:\Documents and Settings\Sam Torok\mqdmwhnt.sys
2007-03-27 17:24 4,048 -c--a-w C:\Documents and Settings\Sam Torok\mqdmcr.sys
2005-05-13 22:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2007-05-31 03:32:00 88 --sha-r C:\WINDOWS\system32\42DE83773A.sys
2005-07-14 17:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 10:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-05-31 03:46:19 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47:16 31,744 --sha-r C:\WINDOWS\system32\msfDX.dll
2005-02-28 18:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_ 0.28.03.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2004-08-04 21:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
+ 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
+ 2007-08-21 10:30:45 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
+ 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
+ 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
+ 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
+ 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
+ 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 13:12:15 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-06-14 18:09:18 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 14:07:24 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-21 10:30:45 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:09:19 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-22 13:12:16 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-06-14 18:09:19 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-06-14 18:09:20 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-14 18:09:19 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-22 13:12:17 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-14 18:09:20 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-22 13:12:17 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-06-14 18:09:20 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-06-14 18:09:20 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-26 14:09:10 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-22 13:12:18 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 21:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-12 08:21:50 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 16:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 16:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 16:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 11:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 13:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 01:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-07-05 12:20]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 11:29]
"P2kAutostart"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyw.dll

R3 HBtnKey;HBtnKey;C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a10ae586-f817-11db-8e3a-0014a5d99f19}]
AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 07:09:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-30 18:57:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-01 18:57:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 04:22:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????_??????`?@?????L?@
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 4:24:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 00:28
C:\ComboFix2.txt ... 2007-10-09 00:28
.
--- E O F ---




Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:52 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\showme.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7169 bytes

#15 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:31 PM

Posted 12 October 2007 - 01:36 PM

Hey there, not much more left to do now...how is the system running? :thumbsup:

Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"

Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Please perform this online scan: Kaspersky Webscan
Note that this scanner will only work on Internet Explorer, so please use this browser for the scan.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.

When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users