
Vundo


28 replies to this topic

#1 afritz01

afritz01

  • Members
  • 20 posts

Posted 25 November 2007 - 11:43 AM

Norton keeps giving me this message.

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\wvuroon.dll
Location: C:\WINDOWS\system32
Computer: FRITZS
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: 2007-11-25 10:28

I have run Vundofix, Fixvundo, Stinger, Spybot, Ad-Aware and AVG Anti-Root. None of these have located anything.

I am not getting any popups.

Computer only runs slow if I have Norton's real time protection activated because it keeps detecting the Trojan.

The other problem I have is that my Windows restore point option is not there. If I right-click My Computer and go to where you would deactivate it, I start getting errors saying that rundll is not responding, and others.


Please help.

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:12 AM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\~NavNT\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\~NavNT\Rtvscan.exe
C:\windows\System32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\windows\LTMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\~NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
C:\windows\system32\rundll32.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\drwtsn32.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193876535156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpnar/en/...hp.cab?1,0,0,94
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\~NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10653 bytes

Edited by afritz01, 25 November 2007 - 11:45 AM.



#2 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 25 November 2007 - 12:40 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file.
Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

I see you have Viewpoint installed:
Viewpoint Manager is considered to be foistware rather than malware, since it is installed without your approval but doesn't actually spy or do anything "bad". This will soon change, according to this article, which you may want to read: http://www.clickz.com/news/article.php/3561546
I recommend that you remove the Viewpoint products. If you do decide to get rid of it, please remove all references to Viewpoint from Add/Remove Programs.

Then please scan again with HijackThis and post the new log in your reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 afritz01

afritz01
  • Topic Starter

  • Members
  • 20 posts

Posted 25 November 2007 - 02:01 PM

Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:45 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\~NavNT\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\~NavNT\Rtvscan.exe
C:\windows\System32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\windows\LTMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\~NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
C:\windows\system32\rundll32.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\drwtsn32.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\fluffybunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {d1375481-3044-b6eb-ba64-b9bc2a6097a0} - {0a7906a2-cb9b-46ab-be6b-44031845731d} - C:\windows\system32\libtiphs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {BFAA5AB4-BC8E-4BE7-A2FD-9F544978473B} - C:\windows\system32\pmnnn.dll
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193876535156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpnar/en/...hp.cab?1,0,0,94
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: wvuroon - C:\windows\SYSTEM32\wvuroon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\~NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe

--
End of file - 11467 bytes
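The second log shows the pattern the helper is chasing: the DLL Norton could not quarantine (wvuroon.dll) is registered both as an unnamed browser helper object (O2) and as a Winlogon Notify package (O20), which loads it into winlogon.exe at logon and keeps it locked while the on-access scanner tries to remove it. The Python below is an added example, not part of the thread or of HijackThis/VundoFix: it parses these three HijackThis sections and flags that pattern; the severity heuristics are assumptions of this example, not HijackThis logic, and the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis v2 logs: pulls the BHO (O2), Run (O4) and
Winlogon Notify (O20) entries and flags the persistence pattern seen in
this thread, where the same DLL appears as an anonymous BHO and as a
Winlogon Notify package. Added example; not part of HijackThis or VundoFix."""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {d1375481-3044-b6eb-ba64-b9bc2a6097a0} - {0a7906a2-cb9b-46ab-be6b-44031845731d} - C:\windows\system32\libtiphs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {BFAA5AB4-BC8E-4BE7-A2FD-9F544978473B} - C:\windows\system32\pmnnn.dll
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: wvuroon - C:\windows\SYSTEM32\wvuroon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
RE_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def launched_file(cmd: str) -> str:
    """Best-effort extraction of the file a Run value actually starts.
    Handles quoted paths and the RUNDLL32 <dll>,<entry> form; unquoted
    paths containing spaces are not resolved (a known limitation)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    tokens = cmd.split()
    if tokens[0].lower().startswith("rundll32") and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0]


def trigrams(s: str) -> set:
    """Lower-cased 3-character substrings, used to relate a Run name to its binary."""
    s = s.lower()
    return {s[i:i + 3] for i in range(len(s) - 2)}


def triage(log_text: str) -> list:
    """Return findings as (severity, file_basename, reason) tuples, highest first."""
    findings = []
    bho_files, notify_files = set(), set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := RE_O2.match(line):
            base = PureWindowsPath(m["path"]).name.lower()
            anonymous = m["name"] == "(no name)" or re.fullmatch(CLSID, m["name"])
            # Legitimate BHOs normally live under Program Files with a display name;
            # an unnamed one loaded from System32 is worth a second look.
            if anonymous and RE_SYSTEM32.match(m["path"]):
                bho_files.add(base)
                findings.append(("medium", base, "anonymous BHO loaded from System32"))
        elif m := RE_O20.match(line):
            base = PureWindowsPath(m["path"]).name.lower()
            notify_files.add(base)
            # HijackThis hides Microsoft's default Notify packages, so every entry
            # shown was added later. Notify DLLs load into winlogon.exe at logon,
            # which is why an on-access scanner may fail to quarantine them.
            findings.append(("medium", base, "third-party Winlogon Notify package"))
        elif m := RE_O4.match(line):
            exe = launched_file(m["cmd"])
            stem = PureWindowsPath(exe).stem
            # Heuristic (assumption of this example): a Run value whose name shares
            # nothing with the System32 binary it starts deserves review.
            if RE_SYSTEM32.match(exe) and not (trigrams(m["name"]) & trigrams(stem)):
                findings.append(("low", PureWindowsPath(exe).name.lower(),
                                 "Run value name unrelated to the System32 binary it starts"))
    # The pattern from this thread: one DLL registered both ways.
    for base in bho_files & notify_files:
        findings.append(("high", base, "same DLL registered as BHO and Winlogon Notify"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))


if __name__ == "__main__":
    for severity, base, reason in triage(SAMPLE_LOG):
        print(f"{severity:6} {base:18} {reason}")
```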

#4 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 25 November 2007 - 04:34 PM

Hi again,
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In that case VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 afritz01

afritz01
  • Topic Starter

  • Members
  • 20 posts

Posted 25 November 2007 - 05:53 PM

I have run Vundofix several times. It never finds anything so it does not create a text file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:57 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\~NavNT\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\~NavNT\Rtvscan.exe
C:\windows\System32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\windows\LTMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\~NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
C:\windows\system32\rundll32.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\fluffybunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {d1375481-3044-b6eb-ba64-b9bc2a6097a0} - {0a7906a2-cb9b-46ab-be6b-44031845731d} - C:\windows\system32\libtiphs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {BFAA5AB4-BC8E-4BE7-A2FD-9F544978473B} - C:\windows\system32\pmnnn.dll
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193876535156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpnar/en/...hp.cab?1,0,0,94
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: wvuroon - C:\windows\SYSTEM32\wvuroon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\~NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe

--
End of file - 11377 bytes

Edited by afritz01, 25 November 2007 - 06:45 PM.


#6 rookie147

  • Members
  • 5,321 posts

Posted 26 November 2007 - 02:35 AM

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right-click inside the listbox (white box) and click "Add More Files".
Copy and paste the entries below into the top boxes:

C:\windows\SYSTEM32\wvuroon.dll
C:\windows\system32\pmnnn.dll


Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your Desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shut down your computer; click OK.
Turn your computer back on.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 afritz01 (Topic Starter)

  • Members
  • 20 posts

Posted 26 November 2007 - 05:21 PM

I did a NAV full system scan since my last post. It said that I had three viruses:
Vundo - wvuroon.dll
Backdoor.Pharvest - Crehjid.dll
Backdoor.Pharvest - explorer.exe

VundoFix said on reboot that it could not remove wvuroon.dll, and I clicked on remove it again. On reboot it said it found nothing, so there is no text log. Looks like it removed it though. Thanks for all your help, and please advise what to do next.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:56 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\~NavNT\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\~NavNT\Rtvscan.exe
C:\windows\System32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\windows\LTMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\~NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\rundll32.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\fluffybunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {d1375481-3044-b6eb-ba64-b9bc2a6097a0} - {0a7906a2-cb9b-46ab-be6b-44031845731d} - C:\windows\system32\libtiphs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {EA865151-C855-4868-B60C-CB28F54239F4} - C:\windows\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193876535156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpnar/en/...hp.cab?1,0,0,94
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\~NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe

--
End of file - 11215 bytes
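The two HijackThis logs in this thread are read the way a forum helper reads them: O2 BHOs with no name (or a GUID for a name) loading from system32, O20 Winlogon Notify DLLs with random-looking names, and an O4 Run value whose name is a random string. The script below is an added example, not part of the original thread and not HijackThis code; it writes those checks down and runs them over lines copied from the log posted above, with a few benign entries kept so the rules have something to leave alone. The Winlogon Notify allowlist and the "looks random" rule are assumptions for illustration, and the output is a shortlist for a human to review, not a verdict.

```python
"""Triage HijackThis (HJT) log lines for Vundo-style persistence entries.

Added example for this thread; not part of the original posts and not
HijackThis code. Rules encoded: O20 Winlogon Notify DLLs in system32 outside
a known-good set; O2 BHOs with "(no name)" or a GUID as their name loading
from system32, or whose DLL is already missing; O4 Run entries whose value
name or system32 file name looks random. Allowlist and heuristic are assumed.
"""
import re

# Assumed, partial allowlist of Winlogon Notify packages normally present on
# a clean Windows XP system. Anything else loading from system32 gets listed.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "scardsvr", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui", "atiextevent",
}
VOWELS = set("aeiou")

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RE_GUID = re.compile(r"^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")

# Constructed sample: entries copied from the HJT log posted above, plus a
# few benign ones (Adobe, Spybot, hkcmd, QuickTime, ctfmon) as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {d1375481-3044-b6eb-ba64-b9bc2a6097a0} - {0a7906a2-cb9b-46ab-be6b-44031845731d} - C:\windows\system32\libtiphs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {EA865151-C855-4868-B60C-CB28F54239F4} - C:\windows\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: wvuroon - C:\windows\SYSTEM32\wvuroon.dll
"""

def looks_machine_generated(name):
    """Crude randomness test: lowercase, letters-only token of six or more
    characters with a run of five or more consonants ("ybxogblccqwo",
    "uwrhhn"). Thresholds are set so ctfmon, hkcmd and the like pass."""
    token = name.split(".")[0]
    if len(token) < 6 or not token.isalpha() or not token.islower():
        return False
    run = longest = 0
    for ch in token:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5

def split_missing(path):
    """Separate HJT's '(file missing)' marker from the path it annotates."""
    marker = "(file missing)"
    if path.endswith(marker):
        return path[: -len(marker)].rstrip(), True
    return path, False

def first_path(cmd):
    """Pull the executable out of a Run value: quoted path, or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def file_name_of(path):
    return path.rsplit("\\", 1)[-1]

def stem_of(path):
    return file_name_of(path).split(".")[0]

def in_system32(path):
    return re.search(r"\\system32\\", path, re.IGNORECASE) is not None

def triage(log_text):
    """Return suspicious entries as dicts with the line, file name and reasons."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        reasons, path = [], ""
        if (m := RE_O2.match(line)):
            path, missing = split_missing(m["path"])
            if RE_GUID.match(m["name"]):
                reasons.append("BHO name is a GUID, not a product name")
            if m["name"] == "(no name)" and in_system32(path):
                reasons.append("unnamed BHO loading from system32")
            if missing:
                reasons.append("registered DLL is missing on disk (stale registration)")
        elif (m := RE_O4.match(line)):
            path = first_path(m["cmd"])
            if looks_machine_generated(m["name"]):
                reasons.append("Run value name looks machine-generated")
            if in_system32(path) and looks_machine_generated(stem_of(path)):
                reasons.append("system32 binary with a machine-generated file name")
        elif (m := RE_O20.match(line)):
            path, _ = split_missing(m["path"])
            if in_system32(path) and stem_of(path).lower() not in KNOWN_WINLOGON_NOTIFY:
                reasons.append("Winlogon Notify DLL in system32 outside the known-good set")
        if reasons:
            findings.append({"line": line, "file": file_name_of(path), "reasons": reasons})
    return findings
```

Run against the sample, `triage(SAMPLE_LOG)` lists libtiphs.dll, pmnnn.dll, wvuroon.dll (twice, once as a BHO and once as a Winlogon Notify package), uwrhhn.exe and crehcjid.dll, and leaves the Adobe, Spybot, Intel, QuickTime and ctfmon entries alone. The consonant-run rule is deliberately strict: it misses names like crehcjid and wvuroon on their own, which is why those are caught by the Winlogon Notify and unnamed-BHO rules instead, and a real allowlist for O20 would need to be built from a known-clean machine of the same build.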

#8 rookie147

  • Members
  • 5,321 posts

Posted 26 November 2007 - 05:38 PM

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.



#9 afritz01 (Topic Starter)

  • Members
  • 20 posts

Posted 26 November 2007 - 08:18 PM

ComboFix 07-11-19.4 - Owner 2007-11-26 19:04:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.563 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\windows\system32\pmkhf.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-25 19:08 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-24 13:55 5,705 --a------ C:\WINDOWS\system32\cevhpbre.dll
2007-11-24 13:52 81,472 --a------ C:\WINDOWS\system32\libtiphs.dll
2007-11-24 13:45 71,232 --a------ C:\WINDOWS\system32\njhkvqlq.exe
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\WINDOWS
2007-11-23 22:19 <DIR> d---s---- C:\Documents and Settings\Administrator.FRITZS\UserData
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Yahoo! Messenger
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\VERITAS
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Symantec
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Sonic
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Smith Micro
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Share-to-Web Upload Folder
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Roxio
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Motive
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Micrografx
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Leadertech
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Kazaa Lite
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\InterVideo
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\InterTrust
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Goodsol
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\GlobalSCAPE
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\DVD Shrink 3.0
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\COREL
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\BPFTP
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\ArcSoft
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Ahead
2007-11-23 19:22 <DIR> d-------- C:\VundoFix Backups
2007-11-23 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2007-11-22 18:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webshots
2007-11-22 13:58 97 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-22 10:27 89,088 --a------ C:\WINDOWS\system32\crehcjid.dll
2007-11-22 10:27 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2007-11-22 10:26 37,376 --------- C:\WINDOWS\system32\wvuroon.dll
2007-11-18 14:26 <DIR> d-------- C:\Program Files\Venturi2
2007-11-17 21:13 <DIR> d-------- C:\Program Files\iTunes
2007-11-17 21:13 <DIR> d-------- C:\Program Files\iPod
2007-11-17 21:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 21:12 <DIR> d-------- C:\Program Files\QuickTime
2007-11-17 21:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-17 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 21:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-10 17:06 42,112 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-11-10 17:06 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2007-11-10 17:05 <DIR> d-------- C:\Program Files\Motorola
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-11-10 16:08 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-10 16:08 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-11-10 16:08 17,920 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2007-11-10 16:08 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2007-11-10 16:08 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2007-11-10 16:07 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-11-10 16:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-11-10 15:57 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-10 15:57 92,064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys
2007-11-10 15:57 79,328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys
2007-11-10 15:57 66,656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys
2007-11-10 15:57 25,600 --a------ C:\Documents and Settings\Owner\usbsermptxp.sys
2007-11-10 15:57 22,768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys
2007-11-10 15:57 9,232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys
2007-11-10 15:57 6,208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys
2007-11-10 15:57 5,936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys
2007-11-10 15:57 4,048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys
2007-11-09 17:22 <DIR> d-------- C:\Program Files\LiveUpdate
2007-11-09 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-09 17:21 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-11-09 17:21 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2007-11-09 16:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-09 16:56 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2007-11-09 16:56 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2007-11-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X10 Settings
2007-11-04 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-11-04 12:01 <DIR> d-------- C:\Program Files\Common Files\ATI
2007-11-04 12:01 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-11-04 12:01 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2007-11-04 12:01 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2007-11-04 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-04 10:10 <DIR> d-------- C:\Program Files\Bonjour
2007-11-04 10:02 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-04 09:55 <DIR> d-------- C:\Photoshop 3
2007-11-03 13:24 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-02 20:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-11-02 19:36 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-02 19:36 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-10-31 18:49 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-31 18:49 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-31 18:49 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-10-31 18:49 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-31 18:49 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-31 18:49 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-31 18:49 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-31 18:49 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-31 18:49 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-28 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 01:08 --------- d-----w C:\Program Files\Java
2007-11-26 00:37 --------- d-----w C:\Program Files\WinMX
2007-11-26 00:35 --------- d-----w C:\Program Files\Kazaa Lite K++
2007-11-25 18:58 --------- d-----w C:\Program Files\Viewpoint
2007-11-25 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-24 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 00:55 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-23 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-22 16:27 1,033,783 ------w C:\windows\explorer.exe
2007-11-18 20:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 21:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-11-03 19:05 --------- d-----w C:\Program Files\IncrediMail
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Yahoo! Messenger
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\VERITAS
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Symantec
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Sonic
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Smith Micro
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Share-to-Web Upload Folder
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Roxio
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Motive
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Micrografx
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Leadertech
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Kazaa Lite
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\InterVideo
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\InterTrust
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Goodsol
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\GlobalSCAPE
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\DVD Shrink 3.0
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\COREL
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\BPFTP
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\ArcSoft
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Ahead
2007-10-25 05:36 --------- d-----w C:\Program Files\~NavNT
2007-10-25 05:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 220
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 216
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 204
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.1 Build 154
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro SP2
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelBasic V1.3 Build 244
2007-10-25 05:35 --------- d-----w C:\Program Files\Y-VoiceAlert
2007-10-25 05:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-10-25 05:34 --------- d-----w C:\Program Files\WinISO
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Media Connect
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Media Components
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-10-25 05:34 --------- d-----w C:\Program Files\WexTech
2007-10-25 05:33 --------- d-----w C:\Program Files\Western Digital
2007-10-25 05:33 --------- d-----w C:\Program Files\Veo Digital Studio
2007-10-25 05:31 --------- d-----w C:\Program Files\Veo Advanced Connect
2007-10-25 05:31 --------- d-----w C:\Program Files\VCDEasy
2007-10-25 05:30 --------- d-----w C:\Program Files\UselessCreations
2007-10-25 05:30 --------- d-----w C:\Program Files\TurboTax
2007-10-25 05:29 --------- d-----w C:\Program Files\Trymedia
2007-10-25 05:29 --------- d-----w C:\Program Files\Trivia Machine
2007-10-25 05:29 --------- d-----w C:\Program Files\Trillian
2007-10-25 05:29 --------- d-----w C:\Program Files\Thumbs4
2007-10-25 05:28 --------- d-----w C:\Program Files\TextAloud MP3
2007-10-25 05:28 --------- d-----w C:\Program Files\TaxCut03
2007-10-25 05:26 --------- d-----w C:\Program Files\Tax Table Library
2007-10-25 05:26 --------- d-----w C:\Program Files\Symantec
2007-10-25 05:26 --------- d-----w C:\Program Files\SureThing
2007-10-25 05:24 --------- d-----w C:\Program Files\Super DVD Ripper
2007-10-25 04:47 --------- d-----w C:\Program Files\StreamCast
2007-10-25 04:47 --------- d-----w C:\Program Files\Stomp RecordNow MAX
2007-10-25 04:47 --------- d-----w C:\Program Files\Stomp
2007-10-25 04:47 --------- d-----w C:\Program Files\Sqirlz Morph
2007-10-25 04:47 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-25 04:47 --------- d-----w C:\Program Files\Sonic
2007-10-25 04:47 --------- d-----w C:\Program Files\SoftBusters
2007-10-25 04:47 --------- d-----w C:\Program Files\Smead
2007-10-25 04:47 --------- d-----w C:\Program Files\Smart Explorer
2007-10-25 04:46 --------- d-----w C:\Program Files\Skype
2007-10-25 04:45 --------- d-----w C:\Program Files\ScanSoft
2007-10-25 04:43 --------- d-----w C:\Program Files\Roxio
2007-10-25 04:43 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-25 04:43 --------- d-----w C:\Program Files\RecordNow MAX Platinum
2007-10-25 04:42 --------- d-----w C:\Program Files\Reality Fusion
2007-10-25 04:41 --------- d-----w C:\Program Files\Real
2007-10-25 04:41 --------- d-----w C:\Program Files\Ravisent
2007-10-25 04:41 --------- d-----w C:\Program Files\RADVideo
2007-10-25 04:41 --------- d-----w C:\Program Files\QUICKENW
2007-10-25 04:39 --------- d-----w C:\Program Files\Quicken Legal Products
2007-10-25 04:39 --------- d-----w C:\Program Files\Quicken Lawyer 2003 Business
2007-10-25 04:38 --------- d-----w C:\Program Files\QUICKEN Home
2007-10-25 04:37 --------- d-----w C:\Program Files\Quake III Arena
2007-10-25 04:36 --------- d-----w C:\Program Files\Pretty Good MahJongg
2007-10-25 04:35 --------- d-----w C:\Program Files\Pinnacle
2007-10-25 04:28 --------- d-----w C:\Program Files\Picasa
2007-10-25 04:28 --------- d-----w C:\Program Files\Photoshp
2007-10-25 04:28 --------- d-----w C:\Program Files\Photoshop
2007-10-25 04:28 --------- d-----w C:\Program Files\PC-Doctor for Windows XP
2007-10-25 04:26 --------- d-----w C:\Program Files\OfficeUpdate11
2007-10-25 04:25 --------- d-----w C:\Program Files\OfficeUpdate
2007-10-25 04:25 --------- d-----w C:\Program Files\Norton AntiVirus(2)
2007-10-25 04:25 --------- d-----w C:\Program Files\NETGEAR
2007-10-25 04:25 --------- d-----w C:\Program Files\NavNT
2007-10-25 04:24 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-25 04:24 --------- d-----w C:\Program Files\MSXML 4.0
2003-06-09 19:03 32 --sha-w C:\windows\{D6352398-86DA-4E87-B5EC-10434E7826F4}.dat
2003-06-09 19:03 32 --sha-w C:\windows\system32\{7C2F35B1-3111-4391-85C5-969E7E83A501}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_20.46.47.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 21:54:27 3,210 ----a-w C:\windows\mozver.dat
+ 2007-11-26 01:05:09 3,210 ----a-w C:\windows\mozver.dat
- 2007-09-25 03:30:28 135,168 ----a-w C:\windows\system32\java.exe
+ 2007-09-25 04:30:28 135,168 ----a-w C:\windows\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\windows\system32\javaw.exe
+ 2007-09-25 04:30:30 135,168 ----a-w C:\windows\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\windows\system32\javaws.exe
+ 2007-09-25 05:31:42 139,264 ----a-w C:\windows\system32\javaws.exe
+ 2007-11-27 01:14:33 16,384 ----atw C:\windows\TEMP\Perflib_Perfdata_fa8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a7906a2-cb9b-46ab-be6b-44031845731d}]
2007-11-24 13:52 81472 --a------ C:\windows\system32\libtiphs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA865151-C855-4868-B60C-CB28F54239F4}]
C:\windows\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-22 10:26 37376 --------- C:\windows\system32\wvuroon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe" [2002-07-24 18:37]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-02-16 13:02]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"P2kAutostart"="C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe" [2005-11-01 19:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 22:56]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 00:39]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 04:29]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 04:20]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 17:39]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 00:28]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 21:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49]
"ybxogblccqwo"="C:\WINDOWS\System32\uwrhhn.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"vptray"="C:\PROGRA~1\~NavNT\vptray.exe" [2003-05-21 00:21]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-02-09 14:22:49]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2003-11-14 16:29:09]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 16:12:26]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\windows\system32\wvuroon.dll [2007-11-22 10:26 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-22 10:27 89088 C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\NavLogon.dll 2003-05-21 00:19 45056 C:\WINDOWS\system32\NavLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\windows\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\windows\system32\drivers\DVDVRRdr_xp.sys
S3 JumpShot;Lexar Media USB Compact Flash Driver;C:\windows\system32\DRIVERS\LEXAR2K.SYS
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\windows\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\windows\system32\DRIVERS\motmodem.sys
S3 motport;Motorola USB Diagnostic Port;C:\windows\system32\DRIVERS\motport.sys
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\windows\system32\DRIVERS\mqdmbus.sys
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\windows\system32\DRIVERS\mqdmmdfl.sys
S3 mqdmmdm;Motorola USB Modem;C:\windows\system32\DRIVERS\mqdmmdm.sys
S3 mqdmserd;Motorola USB Diag;C:\windows\system32\DRIVERS\mqdmserd.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\windows\system32\DRIVERS\sonypvs1.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\windows\system32\DRIVERS\ucdnt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-25 09:00:02 C:\windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-21 21:14:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-27 01:13:00 C:\windows\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 19:13:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-26 19:16:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-24 20:57
.
--- E O F ---

#10 afritz01 (Topic Starter)

Posted 27 November 2007 - 09:31 PM

My latest HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:32 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\windows\LTMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\~NavNT\DefWatch.exe
C:\windows\system32\fxiqculh.exe
C:\PROGRA~1\~NavNT\vptray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\~NavNT\Rtvscan.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
C:\windows\System32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\windows\system32\rundll32.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\fluffybunny.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b4ea8fa1-7931-b8cb-0924-a27d48844604} - {40644884-d72a-4290-bc8b-13971af8ae4b} - C:\windows\system32\oxvyitgn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {D8A1F87F-E1A6-42D4-AD3B-073C9BBC7ECE} - C:\windows\system32\vturo.dll
O2 - BHO: (no name) - {EA865151-C855-4868-B60C-CB28F54239F4} - C:\windows\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193876535156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpnar/en/...hp.cab?1,0,0,94
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
O23 - Service: DomainService - - C:\windows\system32\fxiqculh.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\~NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe

--
End of file - 11325 bytes

#11 rookie147

Posted 28 November 2007 - 04:32 PM

Hello there,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: {b4ea8fa1-7931-b8cb-0924-a27d48844604} - {40644884-d72a-4290-bc8b-13971af8ae4b} - C:\windows\system32\oxvyitgn.dll
O2 - BHO: (no name) - {D8A1F87F-E1A6-42D4-AD3B-073C9BBC7ECE} - C:\windows\system32\vturo.dll
O2 - BHO: (no name) - {EA865151-C855-4868-B60C-CB28F54239F4} - C:\windows\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O23 - Service: DomainService - - C:\windows\system32\fxiqculh.exe


Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following files (if present):

C:\WINDOWS\System32\fxiqculh.exe
C:\WINDOWS\System32\crehcjid.dll
C:\WINDOWS\System32\uwrhhn.exe

Copy and paste the following text into Notepad:
sc stop DomainService
sc delete DomainService
Save this as "services.bat", choosing "All Files" as the file type, and place it on your Desktop.
Double-click services.bat.

Reboot into Normal Mode again.

Then please scan once more with both HijackThis and Combofix, posting the logs in your reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.

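As an added example (not part of the thread, and not code from HijackThis, ComboFix or any other tool mentioned here), the script below turns the kind of judgement Charles applied to the log into checks that can be run over log lines. The sample input is copied from the HijackThis and ComboFix output posted above. The heuristics are my assumptions, not anything the tools themselves do: unnamed or GUID-named BHOs that live in system32 (or are already missing), "(no name)" toolbars with no file, Run-key values with random all-lowercase names pointing into system32, Winlogon Notify DLLs outside a short illustrative allowlist, services with no vendor string, and any LSA authentication package besides msv1_0.

```python
import re

# Sample input: lines copied from the HijackThis and ComboFix logs posted
# earlier in this thread, embedded here so the triage runs offline.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b4ea8fa1-7931-b8cb-0924-a27d48844604} - {40644884-d72a-4290-bc8b-13971af8ae4b} - C:\windows\system32\oxvyitgn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {D8A1F87F-E1A6-42D4-AD3B-073C9BBC7ECE} - C:\windows\system32\vturo.dll
O2 - BHO: (no name) - {EA865151-C855-4868-B60C-CB28F54239F4} - C:\windows\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\windows\system32\wvuroon.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O23 - Service: DomainService - - C:\windows\system32\fxiqculh.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
"Authentication Packages"= msv1_0 C:\windows\system32\pmkhf.dll
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (" + GUID + r") - (.*)$")
TOOLBAR_RE = re.compile(r"^O3 - Toolbar: (.*?) - (" + GUID + r") - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
# HijackThis prints an empty vendor field as " - - ", hence the second alternative.
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (?:(.*?) - |- )(.*)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(.*)$')
GUID_ONLY = re.compile("^" + GUID + "$")
# Assumption: Vundo's Run-key value names are random all-lowercase strings.
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")
# Assumption: an illustrative (not exhaustive) allowlist of Winlogon Notify DLL
# basenames: the XP defaults plus NavLogon.dll, which ComboFix listed above.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll",
                     "sclgntfy.dll", "igfxdev.dll", "navlogon.dll"}


def _in_system32(path):
    return "\\system32\\" in path.lower()


def _unnamed(desc):
    return desc == "(no name)" or GUID_ONLY.match(desc) is not None


def _basename(path):
    return path.replace("/", "\\").split("\\")[-1].lower()


def triage(log_text):
    """Return (category, identifier, path) for each line that matches a
    Vundo-style persistence pattern. Heuristic: every hit still needs a human."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            desc, clsid, path = m.groups()
            # Unnamed BHOs in system32 are the pattern; an unnamed BHO under
            # Program Files (Spybot's SDHelper.dll) is left alone.
            if _unnamed(desc) and (_in_system32(path) or "(file missing)" in path):
                findings.append(("O2 BHO", clsid, path))
            continue
        m = TOOLBAR_RE.match(line)
        if m:
            desc, clsid, path = m.groups()
            if _unnamed(desc) and path == "(no file)":  # orphaned registration
                findings.append(("O3 Toolbar", clsid, path))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, target = m.groups()
            if RANDOM_NAME.match(name) and _in_system32(target):
                findings.append(("O4 Run", hive + "\\..\\Run\\" + name, target))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            key, path = m.groups()
            if _basename(path) not in KNOWN_NOTIFY_DLLS:
                findings.append(("O20 Winlogon Notify", key, path))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, vendor, path = m.groups()
            if not (vendor or "").strip():  # no company string at all
                findings.append(("O23 Service", name, path))
            continue
        m = LSA_RE.match(line)
        if m:
            # Split on whitespace: fine for the system32 paths Vundo uses.
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":
                    findings.append(("LSA Authentication Packages", _basename(pkg), pkg))
    return findings


if __name__ == "__main__":
    for category, ident, path in triage(SAMPLE_LOG):
        print(f"{category:28} {ident:45} {path}")
```

Two things worth noting from the output. First, the ComboFix log above also shows pmkhf.dll registered as an LSA authentication package and wvuroon.dll as a ShellExecuteHook; neither appears in the HijackThis fix list, so they are worth checking again after the reboot. Second, a Winlogon Notify DLL is loaded by winlogon.exe and an LSA package by lsass.exe, which is why such files stay locked in Normal Mode and why the deletion step is done from Safe Mode.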

#12 afritz01 (Topic Starter)

Posted 28 November 2007 - 08:33 PM

Thanks again, Charles, for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:25 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\windows\LTMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\~NavNT\vptray.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\PROGRA~1\~NavNT\DefWatch.exe
C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\PROGRA~1\~NavNT\Rtvscan.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\fluffybunny.exe
C:\windows\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CheckIt 86 Extension Class - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {CB339659-66BB-41A2-AA4E-D15324FB5B5E} - C:\windows\system32\ddayv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\~NavNT\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193876535156
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpnar/en/...hp.cab?1,0,0,94
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\~NavNT\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\windows\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\~NavNT\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe

--
End of file - 10823 bytes



ComboFix 07-11-19.4 - Owner 2007-11-28 19:17:44.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.590 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\ddayv.dll
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-27 19:35 78,912 --a------ C:\WINDOWS\system32\oxvyitgn.dll
2007-11-27 19:29 78,705 --a------ C:\WINDOWS\system32\ikmikbqo.dll
2007-11-25 19:08 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-24 13:55 5,705 --a------ C:\WINDOWS\system32\cevhpbre.dll
2007-11-24 13:52 81,472 --a------ C:\WINDOWS\system32\libtiphs.dll
2007-11-24 13:45 71,232 --a------ C:\WINDOWS\system32\njhkvqlq.exe
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\WINDOWS
2007-11-23 22:19 <DIR> d---s---- C:\Documents and Settings\Administrator.FRITZS\UserData
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Yahoo! Messenger
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\VERITAS
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Symantec
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Sonic
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Smith Micro
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Share-to-Web Upload Folder
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Roxio
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Motive
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Micrografx
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Leadertech
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Kazaa Lite
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\InterVideo
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\InterTrust
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Goodsol
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\GlobalSCAPE
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\DVD Shrink 3.0
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\COREL
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\BPFTP
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\ArcSoft
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Ahead
2007-11-23 19:22 <DIR> d-------- C:\VundoFix Backups
2007-11-23 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2007-11-22 18:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webshots
2007-11-22 13:58 97 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-22 10:27 89,088 --a------ C:\WINDOWS\system32\crehcjid.dll
2007-11-22 10:27 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2007-11-22 10:26 37,376 --------- C:\WINDOWS\system32\wvuroon.dll
2007-11-18 14:26 <DIR> d-------- C:\Program Files\Venturi2
2007-11-17 21:13 <DIR> d-------- C:\Program Files\iTunes
2007-11-17 21:13 <DIR> d-------- C:\Program Files\iPod
2007-11-17 21:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 21:12 <DIR> d-------- C:\Program Files\QuickTime
2007-11-17 21:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-17 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 21:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-10 17:06 42,112 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-11-10 17:06 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2007-11-10 17:05 <DIR> d-------- C:\Program Files\Motorola
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-11-10 16:08 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-10 16:08 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-11-10 16:08 17,920 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2007-11-10 16:08 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2007-11-10 16:08 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2007-11-10 16:07 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-11-10 16:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-11-10 15:57 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-10 15:57 92,064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys
2007-11-10 15:57 79,328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys
2007-11-10 15:57 66,656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys
2007-11-10 15:57 25,600 --a------ C:\Documents and Settings\Owner\usbsermptxp.sys
2007-11-10 15:57 22,768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys
2007-11-10 15:57 9,232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys
2007-11-10 15:57 6,208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys
2007-11-10 15:57 5,936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys
2007-11-10 15:57 4,048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys
2007-11-09 17:22 <DIR> d-------- C:\Program Files\LiveUpdate
2007-11-09 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-09 17:21 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-11-09 17:21 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2007-11-09 16:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-09 16:56 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2007-11-09 16:56 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2007-11-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X10 Settings
2007-11-04 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-11-04 12:01 <DIR> d-------- C:\Program Files\Common Files\ATI
2007-11-04 12:01 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-11-04 12:01 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2007-11-04 12:01 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2007-11-04 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-04 10:10 <DIR> d-------- C:\Program Files\Bonjour
2007-11-04 10:02 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-04 09:55 <DIR> d-------- C:\Photoshop 3
2007-11-03 13:24 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-02 20:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-11-02 19:36 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-02 19:36 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-10-31 18:49 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-31 18:49 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-31 18:49 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-10-31 18:49 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-31 18:49 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-31 18:49 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-31 18:49 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-31 18:49 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 01:08 --------- d-----w C:\Program Files\Java
2007-11-26 00:37 --------- d-----w C:\Program Files\WinMX
2007-11-26 00:35 --------- d-----w C:\Program Files\Kazaa Lite K++
2007-11-25 18:58 --------- d-----w C:\Program Files\Viewpoint
2007-11-25 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-24 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 00:55 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-23 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-22 16:27 1,033,783 ------w C:\windows\explorer.exe
2007-11-18 20:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 21:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-11-03 19:05 --------- d-----w C:\Program Files\IncrediMail
2007-10-28 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-27 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2007-10-27 14:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\GTek
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Yahoo! Messenger
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\VERITAS
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Symantec
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Sonic
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Smith Micro
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Share-to-Web Upload Folder
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Roxio
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Motive
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Micrografx
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Leadertech
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Kazaa Lite
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\InterVideo
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\InterTrust
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Goodsol
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\GlobalSCAPE
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\DVD Shrink 3.0
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\COREL
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\BPFTP
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\ArcSoft
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Ahead
2007-10-25 05:36 --------- d-----w C:\Program Files\~NavNT
2007-10-25 05:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 220
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 216
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 204
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.1 Build 154
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro SP2
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelBasic V1.3 Build 244
2007-10-25 05:35 --------- d-----w C:\Program Files\Y-VoiceAlert
2007-10-25 05:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-10-25 05:34 --------- d-----w C:\Program Files\WinISO
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Media Connect
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Media Components
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-10-25 05:34 --------- d-----w C:\Program Files\WexTech
2007-10-25 05:33 --------- d-----w C:\Program Files\Western Digital
2007-10-25 05:33 --------- d-----w C:\Program Files\Veo Digital Studio
2007-10-25 05:31 --------- d-----w C:\Program Files\Veo Advanced Connect
2007-10-25 05:31 --------- d-----w C:\Program Files\VCDEasy
2007-10-25 05:30 --------- d-----w C:\Program Files\UselessCreations
2007-10-25 05:30 --------- d-----w C:\Program Files\TurboTax
2007-10-25 05:29 --------- d-----w C:\Program Files\Trymedia
2007-10-25 05:29 --------- d-----w C:\Program Files\Trivia Machine
2007-10-25 05:29 --------- d-----w C:\Program Files\Trillian
2007-10-25 05:29 --------- d-----w C:\Program Files\Thumbs4
2007-10-25 05:28 --------- d-----w C:\Program Files\TextAloud MP3
2007-10-25 05:28 --------- d-----w C:\Program Files\TaxCut03
2007-10-25 05:26 --------- d-----w C:\Program Files\Tax Table Library
2007-10-25 05:26 --------- d-----w C:\Program Files\Symantec
2007-10-25 05:26 --------- d-----w C:\Program Files\SureThing
2007-10-25 05:24 --------- d-----w C:\Program Files\Super DVD Ripper
2007-10-25 04:47 --------- d-----w C:\Program Files\StreamCast
2007-10-25 04:47 --------- d-----w C:\Program Files\Stomp RecordNow MAX
2007-10-25 04:47 --------- d-----w C:\Program Files\Stomp
2007-10-25 04:47 --------- d-----w C:\Program Files\Sqirlz Morph
2007-10-25 04:47 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-25 04:47 --------- d-----w C:\Program Files\Sonic
2007-10-25 04:47 --------- d-----w C:\Program Files\SoftBusters
2007-10-25 04:47 --------- d-----w C:\Program Files\Smead
2007-10-25 04:47 --------- d-----w C:\Program Files\Smart Explorer
2007-10-25 04:46 --------- d-----w C:\Program Files\Skype
2007-10-25 04:45 --------- d-----w C:\Program Files\ScanSoft
2007-10-25 04:43 --------- d-----w C:\Program Files\Roxio
2007-10-25 04:43 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-25 04:43 --------- d-----w C:\Program Files\RecordNow MAX Platinum
2007-10-25 04:42 --------- d-----w C:\Program Files\Reality Fusion
2007-10-25 04:41 --------- d-----w C:\Program Files\Real
2007-10-25 04:41 --------- d-----w C:\Program Files\Ravisent
2007-10-25 04:41 --------- d-----w C:\Program Files\RADVideo
2007-10-25 04:41 --------- d-----w C:\Program Files\QUICKENW
2007-10-25 04:39 --------- d-----w C:\Program Files\Quicken Legal Products
2007-10-25 04:39 --------- d-----w C:\Program Files\Quicken Lawyer 2003 Business
2007-10-25 04:38 --------- d-----w C:\Program Files\QUICKEN Home
2007-10-25 04:37 --------- d-----w C:\Program Files\Quake III Arena
2007-10-25 04:36 --------- d-----w C:\Program Files\Pretty Good MahJongg
2007-10-25 04:35 --------- d-----w C:\Program Files\Pinnacle
2007-10-25 04:28 --------- d-----w C:\Program Files\Picasa
2007-10-25 04:28 --------- d-----w C:\Program Files\Photoshp
2007-10-25 04:28 --------- d-----w C:\Program Files\Photoshop
2007-10-25 04:28 --------- d-----w C:\Program Files\PC-Doctor for Windows XP
2007-10-25 04:26 --------- d-----w C:\Program Files\OfficeUpdate11
2007-10-25 04:25 --------- d-----w C:\Program Files\OfficeUpdate
2007-10-25 04:25 --------- d-----w C:\Program Files\Norton AntiVirus(2)
2007-10-25 04:25 --------- d-----w C:\Program Files\NETGEAR
2003-06-09 19:03 32 --sha-w C:\windows\{D6352398-86DA-4E87-B5EC-10434E7826F4}.dat
2003-06-09 19:03 32 --sha-w C:\windows\system32\{7C2F35B1-3111-4391-85C5-969E7E83A501}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_20.46.47.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 21:54:27 3,210 ----a-w C:\windows\mozver.dat
+ 2007-11-26 01:05:09 3,210 ----a-w C:\windows\mozver.dat
- 2007-09-25 03:30:28 135,168 ----a-w C:\windows\system32\java.exe
+ 2007-09-25 04:30:28 135,168 ----a-w C:\windows\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\windows\system32\javaw.exe
+ 2007-09-25 04:30:30 135,168 ----a-w C:\windows\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\windows\system32\javaws.exe
+ 2007-09-25 05:31:42 139,264 ----a-w C:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe" [2002-07-24 18:37]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-02-16 13:02]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"P2kAutostart"="C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe" [2005-11-01 19:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 22:56]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 00:39]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 04:29]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 04:20]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 17:39]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 00:28]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 21:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49]
"ybxogblccqwo"="C:\WINDOWS\System32\uwrhhn.exe" []
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"vptray"="C:\PROGRA~1\~NavNT\vptray.exe" [2003-05-21 00:21]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-02-09 14:22:49]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2003-11-14 16:29:09]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 16:12:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-22 10:27 89088 C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\NavLogon.dll 2003-05-21 00:19 45056 C:\WINDOWS\system32\NavLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\windows\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\windows\system32\drivers\DVDVRRdr_xp.sys
S3 JumpShot;Lexar Media USB Compact Flash Driver;C:\windows\system32\DRIVERS\LEXAR2K.SYS
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\windows\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\windows\system32\DRIVERS\motmodem.sys
S3 motport;Motorola USB Diagnostic Port;C:\windows\system32\DRIVERS\motport.sys
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\windows\system32\DRIVERS\mqdmbus.sys
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\windows\system32\DRIVERS\mqdmmdfl.sys
S3 mqdmmdm;Motorola USB Modem;C:\windows\system32\DRIVERS\mqdmmdm.sys
S3 mqdmserd;Motorola USB Diag;C:\windows\system32\DRIVERS\mqdmserd.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\windows\system32\DRIVERS\sonypvs1.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\windows\system32\DRIVERS\ucdnt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 09:00:00 C:\windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-28 21:14:00 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 01:27:00 C:\windows\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 19:27:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 19:30:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 23:08
C:\ComboFix3.txt ... 2007-11-26 19:16
.
--- E O F ---

#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • Local time:04:48 AM

Posted 29 November 2007 - 04:17 PM

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: (no name) - {CB339659-66BB-41A2-AA4E-D15324FB5B5E} - C:\windows\system32\ddayv.dll
O4 - HKLM\..\Run: [ybxogblccqwo] C:\WINDOWS\System32\uwrhhn.exe
O20 - Winlogon Notify: crehcjid - C:\windows\SYSTEM32\crehcjid.dll


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Open Notepad - don't use any other text editor or the script will fail.
Copy and paste the text in the quote box below into the document:

File::
C:\WINDOWS\system32\oxvyitgn.dll
C:\WINDOWS\system32\ikmikbqo.dll
C:\WINDOWS\system32\cevhpbre.dll
C:\WINDOWS\system32\libtiphs.dll
C:\WINDOWS\system32\njhkvqlq.exe
C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\wvuroon.dll


Save this as a text file named CFScript.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below:

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again.
A new log will be created, which I would like to see in your reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.
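The entries Charles picks out above (a Run value with a random-looking name and no file timestamp, and a Winlogon Notify DLL), together with the extra LSA "Authentication Packages" entry pointing at ddayv.dll that ComboFix removed in the earlier log, are the classic Vundo loading points. The Python script below is an added illustration, not part of this thread and not a tool the helpers here use: it parses the "Reg Loading Points" section of a ComboFix log and flags those three patterns. The embedded sample is a subset of the log posted above; the vowel-ratio test for random-looking names, the rule names and the assumption that an empty `[]` where other entries carry a timestamp is worth a look are all my own heuristics, not ComboFix semantics.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example (not part of the original thread): flags the persistence
mechanisms seen in the log above with simple, explicitly heuristic rules.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the Reg Loading Points section of the
# ComboFix log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"ybxogblccqwo"="C:\WINDOWS\System32\uwrhhn.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"vptray"="C:\PROGRA~1\~NavNT\vptray.exe" [2003-05-21 00:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-22 10:27 89088 C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\NavLogon.dll 2003-05-21 00:19 45056 C:\WINDOWS\system32\NavLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\windows\system32\ddayv.dll
"""

# "name"="path" [stamp]   (stamp may be empty: the [] case)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]')
# label  YYYY-MM-DD HH:MM  size  full path
NOTIFY_LINE = re.compile(r'^(?P<label>\S+)\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?P<path>.+)$')
AUTH_LINE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')

VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): all-lowercase letters, 5+ chars, and either a low
    vowel ratio or a run of four or more consonants. Crude, but it separates
    'crehcjid' and 'uwrhhn' from 'NavLogon' in this log."""
    if not stem.isalpha() or not stem.islower() or len(stem) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_consonant_run = max(len(r) for r in re.split(r"[aeiouy]", stem))
    return vowel_ratio < 0.3 or longest_consonant_run >= 4


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def stem_of(path: str) -> str:
    """'C:\\WINDOWS\\system32\\crehcjid.dll' -> 'crehcjid'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


@dataclass
class Finding:
    rule: str
    path: str


def triage(log: str) -> List[Finding]:
    """Walk the log, tracking the current registry key, and apply one rule per key."""
    findings: List[Finding] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        if key.endswith("\\currentversion\\run"):
            # Rule 1: Run value with no timestamp, living in System32, random-looking name.
            m = RUN_LINE.match(line)
            if m and not m["stamp"] and in_system32(m["path"]) and looks_random(stem_of(m["path"])):
                findings.append(Finding("run-unstamped-random-system32", m["path"]))
        elif "\\winlogon\\notify\\" in key:
            # Rule 2: Winlogon Notify DLL with a random-looking name.
            m = NOTIFY_LINE.match(line)
            if m and looks_random(stem_of(m["path"])):
                findings.append(Finding("winlogon-notify-random-dll", m["path"]))
        elif key.endswith("\\control\\lsa"):
            # Rule 3: anything beyond msv1_0 in Authentication Packages.
            # (Splits on whitespace; paths containing spaces would need quoting.)
            m = AUTH_LINE.match(line)
            if m:
                for pkg in m["pkgs"].split():
                    if pkg.lower() != "msv1_0":
                        findings.append(Finding("lsa-extra-auth-package", pkg))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.path}")
```

Run against the sample it reports uwrhhn.exe, crehcjid.dll and ddayv.dll and stays quiet about hpsysdrv (which has a timestamp), updateMgr (outside System32) and NavLogon.dll (a normal-looking name). The point of the three rules is the same one the helpers apply by eye: Vundo's persistence lives in loading points most users never inspect, so the log sections worth reading first are the ones ordinary software rarely touches.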


#14 afritz01

afritz01
  • Topic Starter

  • Members
  • 20 posts
  • Local time:10:48 PM

Posted 29 November 2007 - 05:15 PM

ComboFix 07-11-19.4 - Owner 2007-11-29 15:58:00.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.533 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

FILE
C:\WINDOWS\system32\cevhpbre.dll
C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\ikmikbqo.dll
C:\WINDOWS\system32\libtiphs.dll
C:\WINDOWS\system32\njhkvqlq.exe
C:\WINDOWS\system32\oxvyitgn.dll
C:\WINDOWS\system32\wvuroon.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cevhpbre.dll
C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\ikmikbqo.dll
C:\WINDOWS\system32\libtiphs.dll
C:\WINDOWS\system32\njhkvqlq.exe
C:\WINDOWS\system32\oxvyitgn.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-25 19:08 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\WINDOWS
2007-11-23 22:19 <DIR> d---s---- C:\Documents and Settings\Administrator.FRITZS\UserData
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Yahoo! Messenger
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\VERITAS
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Symantec
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Sonic
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Smith Micro
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Share-to-Web Upload Folder
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Roxio
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Motive
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Micrografx
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Leadertech
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Kazaa Lite
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\InterVideo
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\InterTrust
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Goodsol
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\GlobalSCAPE
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\DVD Shrink 3.0
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\COREL
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\BPFTP
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\ArcSoft
2007-11-23 22:19 <DIR> d-------- C:\Documents and Settings\Administrator.FRITZS\Application Data\Ahead
2007-11-23 19:22 <DIR> d-------- C:\VundoFix Backups
2007-11-23 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2007-11-22 18:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webshots
2007-11-22 13:58 97 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-22 10:27 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2007-11-18 14:26 <DIR> d-------- C:\Program Files\Venturi2
2007-11-17 21:13 <DIR> d-------- C:\Program Files\iTunes
2007-11-17 21:13 <DIR> d-------- C:\Program Files\iPod
2007-11-17 21:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 21:12 <DIR> d-------- C:\Program Files\QuickTime
2007-11-17 21:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-17 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-17 21:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-10 17:06 42,112 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2007-11-10 17:06 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2007-11-10 17:05 <DIR> d-------- C:\Program Files\Motorola
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-11-10 16:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-11-10 16:08 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-11-10 16:08 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-11-10 16:08 17,920 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2007-11-10 16:08 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2007-11-10 16:08 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2007-11-10 16:07 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-11-10 16:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-11-10 15:57 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-10 15:57 92,064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys
2007-11-10 15:57 79,328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys
2007-11-10 15:57 66,656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys
2007-11-10 15:57 25,600 --a------ C:\Documents and Settings\Owner\usbsermptxp.sys
2007-11-10 15:57 22,768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys
2007-11-10 15:57 9,232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys
2007-11-10 15:57 6,208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys
2007-11-10 15:57 5,936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys
2007-11-10 15:57 4,048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys
2007-11-09 17:22 <DIR> d-------- C:\Program Files\LiveUpdate
2007-11-09 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-09 17:21 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-11-09 17:21 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2007-11-09 16:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-09 16:56 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2007-11-09 16:56 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2007-11-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X10 Settings
2007-11-04 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-11-04 12:01 <DIR> d-------- C:\Program Files\Common Files\ATI
2007-11-04 12:01 <DIR> d-------- C:\Program Files\ATI Multimedia
2007-11-04 12:01 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2007-11-04 12:01 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2007-11-04 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-04 10:10 <DIR> d-------- C:\Program Files\Bonjour
2007-11-04 10:02 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-04 09:55 <DIR> d-------- C:\Photoshop 3
2007-11-03 13:24 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-02 20:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2007-11-02 19:36 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-02 19:36 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-10-31 18:49 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-31 18:49 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-31 18:49 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-10-31 18:49 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-31 18:49 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-31 18:49 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-31 18:49 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-31 18:49 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-31 18:49 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 01:08 --------- d-----w C:\Program Files\Java
2007-11-26 00:37 --------- d-----w C:\Program Files\WinMX
2007-11-26 00:35 --------- d-----w C:\Program Files\Kazaa Lite K++
2007-11-25 18:58 --------- d-----w C:\Program Files\Viewpoint
2007-11-25 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-24 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 00:55 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-23 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-18 20:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 21:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-07 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-11-03 19:05 --------- d-----w C:\Program Files\IncrediMail
2007-10-28 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-10-27 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2007-10-27 14:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\GTek
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Yahoo! Messenger
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\VERITAS
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Symantec
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Sonic
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Smith Micro
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Share-to-Web Upload Folder
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Roxio
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Motive
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Micrografx
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Leadertech
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Kazaa Lite
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\InterVideo
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\InterTrust
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Goodsol
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\GlobalSCAPE
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\DVD Shrink 3.0
2007-10-25 07:28 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\COREL
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\BPFTP
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\ArcSoft
2007-10-25 07:27 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Ahead
2007-10-25 05:36 --------- d-----w C:\Program Files\~NavNT
2007-10-25 05:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 220
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 216
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.2 Build 204
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro V1.1 Build 154
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelPro SP2
2007-10-25 05:35 --------- d-----w C:\Program Files\Y!TunnelBasic V1.3 Build 244
2007-10-25 05:35 --------- d-----w C:\Program Files\Y-VoiceAlert
2007-10-25 05:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-10-25 05:34 --------- d-----w C:\Program Files\WinISO
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Media Connect
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Media Components
2007-10-25 05:34 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-10-25 05:34 --------- d-----w C:\Program Files\WexTech
2007-10-25 05:33 --------- d-----w C:\Program Files\Western Digital
2007-10-25 05:33 --------- d-----w C:\Program Files\Veo Digital Studio
2007-10-25 05:31 --------- d-----w C:\Program Files\Veo Advanced Connect
2007-10-25 05:31 --------- d-----w C:\Program Files\VCDEasy
2007-10-25 05:30 --------- d-----w C:\Program Files\UselessCreations
2007-10-25 05:30 --------- d-----w C:\Program Files\TurboTax
2007-10-25 05:29 --------- d-----w C:\Program Files\Trymedia
2007-10-25 05:29 --------- d-----w C:\Program Files\Trivia Machine
2007-10-25 05:29 --------- d-----w C:\Program Files\Trillian
2007-10-25 05:29 --------- d-----w C:\Program Files\Thumbs4
2007-10-25 05:28 --------- d-----w C:\Program Files\TextAloud MP3
2007-10-25 05:28 --------- d-----w C:\Program Files\TaxCut03
2007-10-25 05:26 --------- d-----w C:\Program Files\Tax Table Library
2007-10-25 05:26 --------- d-----w C:\Program Files\Symantec
2007-10-25 05:26 --------- d-----w C:\Program Files\SureThing
2007-10-25 05:24 --------- d-----w C:\Program Files\Super DVD Ripper
2007-10-25 04:47 --------- d-----w C:\Program Files\StreamCast
2007-10-25 04:47 --------- d-----w C:\Program Files\Stomp RecordNow MAX
2007-10-25 04:47 --------- d-----w C:\Program Files\Stomp
2007-10-25 04:47 --------- d-----w C:\Program Files\Sqirlz Morph
2007-10-25 04:47 --------- d-----w C:\Program Files\SpywareBlaster
2007-10-25 04:47 --------- d-----w C:\Program Files\Sonic
2007-10-25 04:47 --------- d-----w C:\Program Files\SoftBusters
2007-10-25 04:47 --------- d-----w C:\Program Files\Smead
2007-10-25 04:47 --------- d-----w C:\Program Files\Smart Explorer
2007-10-25 04:46 --------- d-----w C:\Program Files\Skype
2007-10-25 04:45 --------- d-----w C:\Program Files\ScanSoft
2007-10-25 04:43 --------- d-----w C:\Program Files\Roxio
2007-10-25 04:43 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-25 04:43 --------- d-----w C:\Program Files\RecordNow MAX Platinum
2007-10-25 04:42 --------- d-----w C:\Program Files\Reality Fusion
2007-10-25 04:41 --------- d-----w C:\Program Files\Real
2007-10-25 04:41 --------- d-----w C:\Program Files\Ravisent
2007-10-25 04:41 --------- d-----w C:\Program Files\RADVideo
2007-10-25 04:41 --------- d-----w C:\Program Files\QUICKENW
2007-10-25 04:39 --------- d-----w C:\Program Files\Quicken Legal Products
2007-10-25 04:39 --------- d-----w C:\Program Files\Quicken Lawyer 2003 Business
2007-10-25 04:38 --------- d-----w C:\Program Files\QUICKEN Home
2007-10-25 04:37 --------- d-----w C:\Program Files\Quake III Arena
2007-10-25 04:36 --------- d-----w C:\Program Files\Pretty Good MahJongg
2007-10-25 04:35 --------- d-----w C:\Program Files\Pinnacle
2007-10-25 04:28 --------- d-----w C:\Program Files\Picasa
2007-10-25 04:28 --------- d-----w C:\Program Files\Photoshp
2007-10-25 04:28 --------- d-----w C:\Program Files\Photoshop
2007-10-25 04:28 --------- d-----w C:\Program Files\PC-Doctor for Windows XP
2007-10-25 04:26 --------- d-----w C:\Program Files\OfficeUpdate11
2007-10-25 04:25 --------- d-----w C:\Program Files\OfficeUpdate
2007-10-25 04:25 --------- d-----w C:\Program Files\Norton AntiVirus(2)
2007-10-25 04:25 --------- d-----w C:\Program Files\NETGEAR
2007-10-25 04:25 --------- d-----w C:\Program Files\NavNT
2003-06-09 19:03 32 --sha-w C:\windows\{D6352398-86DA-4E87-B5EC-10434E7826F4}.dat
2003-06-09 19:03 32 --sha-w C:\windows\system32\{7C2F35B1-3111-4391-85C5-969E7E83A501}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-24_20.46.47.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-22 16:27:36 1,033,783 ------w C:\windows\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\windows\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\windows\explorer.exe.bak
- 2007-11-07 21:54:27 3,210 ----a-w C:\windows\mozver.dat
+ 2007-11-26 01:05:09 3,210 ----a-w C:\windows\mozver.dat
- 2007-09-25 03:30:28 135,168 ----a-w C:\windows\system32\java.exe
+ 2007-09-25 04:30:28 135,168 ----a-w C:\windows\system32\java.exe
- 2007-09-25 03:30:30 135,168 ----a-w C:\windows\system32\javaw.exe
+ 2007-09-25 04:30:30 135,168 ----a-w C:\windows\system32\javaw.exe
- 2007-09-25 04:31:42 139,264 ----a-w C:\windows\system32\javaws.exe
+ 2007-09-25 05:31:42 139,264 ----a-w C:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe" [2002-07-24 18:37]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-02-16 13:02]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"P2kAutostart"="C:\Documents and Settings\Owner\Desktop\P2kCommander-V3.3.0\P2kAutostart.exe" [2005-11-01 19:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 22:56]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 00:39]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 04:29]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 04:20]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 17:39]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-22 00:28]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 00:18]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 21:12]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"vptray"="C:\PROGRA~1\~NavNT\vptray.exe" [2003-05-21 00:21]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-02-09 14:22:49]
CheckIt 86.lnk - C:\Program Files\CheckIt\86\CheckIt86.exe [2003-11-14 16:29:09]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 16:12:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll
C:\WINDOWS\system32\NavLogon.dll 2003-05-21 00:19 45056 C:\WINDOWS\system32\NavLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\windows\system32\drivers\DVDVRRdr_xp.sys
S3 JumpShot;Lexar Media USB Compact Flash Driver;C:\windows\system32\DRIVERS\LEXAR2K.SYS
S3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\windows\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\windows\system32\DRIVERS\motmodem.sys
S3 motport;Motorola USB Diagnostic Port;C:\windows\system32\DRIVERS\motport.sys
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\windows\system32\DRIVERS\mqdmbus.sys
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\windows\system32\DRIVERS\mqdmmdfl.sys
S3 mqdmmdm;Motorola USB Modem;C:\windows\system32\DRIVERS\mqdmmdm.sys
S3 mqdmserd;Motorola USB Diag;C:\windows\system32\DRIVERS\mqdmserd.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\windows\system32\DRIVERS\sonypvs1.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\windows\system32\DRIVERS\ucdnt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 09:00:00 C:\windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-11-28 21:14:00 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 22:07:26 C:\windows\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 16:07:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 16:12:06 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 19:30
C:\ComboFix3.txt ... 2007-11-27 23:08
.
--- E O F ---
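An added triage script for the "Reg Loading Points" section of the ComboFix log above. It is not ComboFix's own code and not from the thread; it parses the autostart entries in the format the log prints them and flags the two things a helper looks at first: a Winlogon Notify DLL that ComboFix lists by bare file name with no path, date or size (the crehcjid.dll line above, unlike NavLogon.dll, which is printed with its full path, timestamp and byte size), and a Run value whose bracketed file stamp is empty (the updateMgr line). That an empty stamp means the target file was not found at scan time is an assumption about ComboFix's output format, not something the thread states. The sample input is copied from the log above and trimmed.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's code and not from the thread. Flags:
  * Winlogon Notify DLLs that ComboFix prints by bare file name, with no
    path, date or size (a located file is printed as
    '<path> <date> <time> <size> <path>');
  * Run values whose bracketed file stamp is empty, '[]'.
Assumption: an empty stamp means the target was not found at scan time.
SAMPLE_LOG is copied from the log above and trimmed.
"""
import re
import sys
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"vptray"="C:\PROGRA~1\~NavNT\vptray.exe" [2003-05-21 00:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll
C:\WINDOWS\system32\NavLogon.dll 2003-05-21 00:19 45056 C:\WINDOWS\system32\NavLogon.dll
"""

# A Run value as ComboFix prints it: "name"="command" [stamp]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]\s*$')
# A located DLL: full path, date, time, byte size, then the path again
FULL_DLL_LINE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?\.dll)\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+',
    re.IGNORECASE)
# A DLL given by file name only, no directory at all
BARE_DLL_LINE = re.compile(r'^(?P<name>[^\\\s"]+\.dll)\s*$', re.IGNORECASE)


@dataclass
class Finding:
    key: str     # registry key the entry lives under
    item: str    # value name (Run) or DLL name (Notify)
    reason: str


def parse_sections(text):
    """Yield (registry key, non-blank lines) for each [HKEY_...] block."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            if key is not None:
                yield key, lines
            key, lines = line[1:-1], []
        elif key is not None and line:
            lines.append(line)
    if key is not None:
        yield key, lines


def triage(text):
    """Return the autostart entries a helper would want to look at first."""
    findings = []
    for key, lines in parse_sections(text):
        in_notify = "\\winlogon\\notify\\" in key.lower()
        for line in lines:
            if in_notify:
                if FULL_DLL_LINE.match(line):
                    continue  # file was located; date and size are printed
                m = BARE_DLL_LINE.match(line)
                if m:
                    findings.append(Finding(
                        key, m.group("name"),
                        "Notify DLL listed by bare name only: no path, date or "
                        "size, so the file was not located during the scan"))
                continue
            m = RUN_LINE.match(line)
            if m and not m.group("stamp").strip():
                findings.append(Finding(
                    key, m.group("name"),
                    "empty file stamp: target not found at scan time"))
    return findings


if __name__ == "__main__":
    # Pass a saved ComboFix.txt as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f"{f.item:<20} {f.reason}\n    under {f.key}")
```

A DLL registered under Winlogon\Notify is loaded into winlogon.exe at every logon, which is why such a file usually cannot be deleted or quarantined from a normal session; the bare-name Notify line is therefore the first entry to check, and the empty-stamp Run value is usually just a stale entry for an uninstalled program, but it is worth confirming.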

#15 rookie147

  • Members
  • 5,321 posts

Posted 30 November 2007 - 04:01 PM

Please run Panda's ActiveScan.
Once you are on the Panda site, click the Scan your PC button.
A new window will open; click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When the download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.




