
Trojans Family


17 replies to this topic

#1 HIGHTOWER

  • Members
  • 58 posts

Posted 30 November 2007 - 05:11 PM

Here is the logfile, lads, and I hope I have done this correctly, but if I haven't please tell me. Cheers.
Micro HijackThis v2.0.2
Scan saved at 22:04:07, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\DLBTPSWX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'lorraine')
O4 - HKUS\S-1-5-21-1475859870-1791034012-3205403019-1006\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (User 'lorraine')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153938927562
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32

Edited by HIGHTOWER, 30 November 2007 - 05:11 PM.




#2 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 01 December 2007 - 10:15 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, HIGHTOWER.
My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.

*Warning*
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to your system becoming unusable.

Now download ComboFix and save it to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze or hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log, please.

#3 HIGHTOWER

  • Topic Starter

  • Members
  • 58 posts

Posted 01 December 2007 - 09:49 PM

Richie, thanks for the help, mate, and here is my log from ComboFix.
2007-12-02 1:56:10.1 - NTFSx86
Running from: C:\Documents and Settings\gavin\Local Settings\Temporary Internet Files\Content.IE5\5ILA3AAX\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\darren\Application Data\macromedia\Flash Player\#SharedObjects\DXQX8DB5\www.broadcaster.com
C:\Documents and Settings\darren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\darren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\#SharedObjects\8H545FQ5\iforex.com
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\#SharedObjects\8H545FQ5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\#SharedObjects\8H545FQ5\www.broadcaster.com
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\lorraine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\ricki\Application Data\FunWebProducts
C:\Documents and Settings\ricki\Application Data\FunWebProducts\Data\ricki\avatar.dat
C:\Documents and Settings\ricki\Application Data\macromedia\Flash Player\#SharedObjects\FC37MVFH\www.broadcaster.com
C:\Documents and Settings\ricki\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\ricki\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\drvcumr.dll
C:\WINDOWS\system32\drvjuvr.dll
C:\WINDOWS\system32\drvpejr.dll
C:\WINDOWS\system32\drvsazr.dll
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\winpsa32.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 00:50 . 2007-12-02 00:50 102,912 --a------ C:\WINDOWS\system32\drvjuv.dll
2007-12-01 20:38 . 2007-12-01 21:03 <DIR> d-------- C:\Program Files\Fab Fashion
2007-11-30 22:03 . 2007-11-30 22:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-29 19:20 . 2007-11-29 19:20 335,968 --a------ C:\WINDOWS\system32\pmkhg.dll
2007-11-28 18:17 . 2007-11-29 15:18 <DIR> d-------- C:\Program Files\Alawar
2007-11-28 16:11 . 2007-11-28 16:11 23,696 --a------ C:\WINDOWS\system32\nnnmjgh.dll
2007-11-28 16:05 . 2007-11-28 16:05 23,696 --a------ C:\WINDOWS\system32\jkkkjii.dll
2007-11-28 15:39 . 2007-11-28 15:39 23,696 --a------ C:\WINDOWS\system32\fccywvs.dll
2007-11-26 18:25 . 2007-11-26 18:25 <DIR> d-------- C:\Program Files\Atari
2007-11-25 17:04 . 2007-11-25 18:41 <DIR> d-------- C:\Program Files\Bonnie's Bookstore
2007-11-25 13:21 . 2007-11-25 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-11-25 13:20 . 2007-11-25 18:41 <DIR> d-------- C:\Program Files\Christmasville
2007-11-23 21:27 . 2007-11-23 21:27 <DIR> d-------- C:\Program Files\Most Popular Solitaire
2007-11-23 21:25 . 2007-11-23 21:25 <DIR> d-------- C:\Program Files\goodsol
2007-11-23 21:05 . 2007-11-23 21:05 <DIR> d-------- C:\Program Files\SolSuite
2007-11-23 21:05 . 2007-11-23 21:11 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\SolSuite
2007-11-23 21:05 . 2007-11-23 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
2007-11-23 19:32 . 2007-12-02 02:30 22,179,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-23 19:32 . 2007-12-02 02:30 253,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 19:25 . 2007-11-23 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-22 18:31 . 2007-11-22 18:34 <DIR> d-------- C:\Program Files\Absolutist.com
2007-11-22 16:04 . 2007-11-22 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-11-20 19:10 . 2007-11-20 19:10 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\Sony
2007-11-20 17:37 . 2007-11-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Reflexive
2007-11-20 11:15 . 2007-11-23 11:57 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-20 11:15 . 2007-11-20 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-20 11:14 . 2007-11-20 11:14 <DIR> d-------- C:\Documents and Settings\ricki\Application Data\InstallShield
2007-11-20 11:14 . 2007-11-20 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-20 11:11 . 2007-11-20 11:11 <DIR> d-------- C:\Documents and Settings\ricki\Application Data\Sony
2007-11-20 11:11 . 2007-11-20 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-11-20 11:07 . 2007-11-20 11:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-11-19 14:20 . 2007-11-19 14:20 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\GamesForOne
2007-11-19 14:20 . 2007-11-19 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GamesForOne
2007-11-19 10:31 . 2007-11-19 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Win
2007-11-16 20:39 . 2007-11-16 21:44 <DIR> d-------- C:\Program Files\Gamesville
2007-11-16 20:33 . 2007-11-22 18:15 <DIR> d-------- C:\Program Files\Hardwood Solitaire III
2007-11-15 23:39 . 2007-11-15 23:39 <DIR> d-------- C:\Documents and Settings\gavin\Application Data\ErrorKiller
2007-11-15 23:16 . 2007-11-29 00:29 <DIR> d-------- C:\Program Files\RegistryFix
2007-11-15 23:13 . 2007-11-29 23:16 <DIR> d-------- C:\Program Files\ErrorKiller
2007-11-15 23:13 . 2007-11-15 23:15 <DIR> d-------- C:\Documents and Settings\darren\Application Data\ErrorKiller
2007-11-12 21:46 . 2007-11-12 21:46 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\Oberon Media
2007-11-10 19:43 . 2007-11-10 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-03 20:40 . 2007-11-06 14:08 <DIR> d-------- C:\Program Files\Hawaiian Explorer Pearl Harbor
2007-11-03 20:15 . 2007-11-25 14:40 <DIR> d-------- C:\Program Files\iWin.com
2007-11-03 18:56 . 2007-11-03 20:05 <DIR> d-------- C:\Program Files\Digital Smoke
2007-11-03 12:12 . 2007-11-03 17:24 <DIR> d-------- C:\Program Files\1503 AD Demo
2007-11-02 19:29 . 2007-11-02 19:29 <DIR> d-------- C:\Program Files\Activision Value
2007-11-02 19:24 . 2007-11-03 12:25 <DIR> d-------- C:\Documents and Settings\darren\Application Data\GetRightToGo
2007-11-02 17:30 . 2007-11-02 19:03 <DIR> d-------- C:\Program Files\El Dorado Quest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 02:33 --------- d-----w C:\Program Files\Dl_cats
2007-12-01 20:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 20:32 --------- d-----w C:\Program Files\Virgin Media Games
2007-12-01 01:13 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 22:53 --------- d-----w C:\Documents and Settings\gavin\Application Data\AVG7
2007-11-30 18:00 --------- d-----w C:\Documents and Settings\lorraine\Application Data\PlayFirst
2007-11-30 11:27 --------- d-----w C:\Documents and Settings\lorraine\Application Data\AVG7
2007-11-30 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-30 00:21 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-29 21:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-29 16:33 --------- d-----w C:\Program Files\MSN Games
2007-11-29 00:05 --------- d-----w C:\Program Files\SpywareGuard
2007-11-28 21:36 --------- d-----w C:\Documents and Settings\darren\Application Data\uTorrent
2007-11-28 20:10 --------- d-----w C:\Documents and Settings\darren\Application Data\AVG7
2007-11-28 19:37 --------- d-----w C:\Program Files\Sports Interactive
2007-11-27 19:11 --------- d-----w C:\Documents and Settings\lorraine\Application Data\uTorrent
2007-11-27 17:47 --------- d-----w C:\Program Files\Oberon Media
2007-11-26 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 15:21 --------- d-----w C:\Program Files\Common Files\Real
2007-11-24 22:53 --------- d-----w C:\Documents and Settings\darren\Application Data\Sports Interactive
2007-11-13 17:35 --------- d-----w C:\Program Files\Games
2007-11-12 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Media
2007-11-11 22:24 22,017,865 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-05 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-04 21:26 --------- d-----w C:\Program Files\Activision
2007-11-03 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\iWin Games
2007-10-31 16:47 --------- d-----w C:\Documents and Settings\lorraine\Application Data\EleFun Games
2007-10-31 16:15 --------- d-----w C:\Program Files\MSN Messenger
2007-10-29 20:55 --------- d-----w C:\Program Files\Hoyle Miami Soliaire
2007-10-28 17:32 --------- d-----w C:\Documents and Settings\lorraine\Application Data\GameHouse
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-10-24 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-10-22 20:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-22 20:29 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-21 10:41 --------- d-----w C:\Program Files\BFG
2007-10-19 16:37 --------- d-----w C:\Program Files\Jewel Craft
2007-10-17 13:50 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-15 15:34 --------- d-----w C:\Documents and Settings\lorraine\Application Data\Abra Academy2
2007-10-14 14:22 --------- d-----w C:\Program Files\RealArcade
2007-10-14 13:28 --------- d-----w C:\Documents and Settings\lorraine\Application Data\Pogo Games
2007-10-10 18:31 --------- d-----w C:\Documents and Settings\lorraine\Application Data\Legends of pirates
2007-10-09 11:39 --------- d-----w C:\Documents and Settings\lorraine\Application Data\funkitron
2007-10-09 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\eGames
2007-10-09 09:12 --------- d-----w C:\Documents and Settings\lorraine\Application Data\eGames
2007-10-07 10:15 --------- d-----w C:\Program Files\Java
2007-10-05 15:39 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-10-05 15:39 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-10-05 15:39 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-10-04 18:09 --------- d-----w C:\Documents and Settings\lorraine\Application Data\ForgottenRiddles
2007-10-03 17:57 --------- d-----w C:\Program Files\Macrogaming
2007-10-02 22:33 --------- d-----w C:\Documents and Settings\gavin\Application Data\VideoEgg
2007-09-06 16:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 16:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-05 10:12 18,119,542 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_05_04_41_40_full.dmp.zip
2007-08-05 10:11 93,726 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_04_41_48_small.dmp.zip
2007-08-05 10:11 121,259 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_05_42_28_small.dmp.zip
2007-08-05 10:11 119,644 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_04_36_12_small.dmp.zip
2007-08-05 10:11 113,594 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_06_20_47_small.dmp.zip
2007-03-24 08:01 39,705,952 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_23_20_37_20_full.dmp.zip
2007-03-24 07:55 40,693,034 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_23_20_35_48_full.dmp.zip
2007-03-17 00:51 2,062,665 ----a-w C:\Program Files\spywareguardsetup.exe
2007-03-17 00:28 370,312 ----a-w C:\Program Files\jre-6-windows-i586-iftw.exe
2007-03-16 23:57 39,994,008 ----a-w C:\Program Files\zlsSetup_70_302_000_en.exe
2006-12-27 11:18 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-09-21 20:21 1,493,848 ----a-w C:\Program Files\ccsetup133.exe
2006-09-21 19:25 13,714,856 ----a-w C:\Program Files\zlsSetup_65_737_000_en.exe
2006-08-17 13:09 746,600 ----a-w C:\Documents and Settings\lorraine\GDSSetup.exe
2006-08-17 13:09 558,248 ----a-w C:\Documents and Settings\lorraine\GoogleToolbarInstaller.exe
2006-03-16 19:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-30 20:16 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2002-07-01 14:13 218 --sha-w C:\Documents and Settings\All Users\Application Data\databack.dat
2007-03-08 16:49 739,263 --sha-w C:\WINDOWS\system32\jjllm.bak1
2005-11-24 16:21 544,768 --sha-r C:\WINDOWS\system32\pcpevoke.exe
2007-03-12 19:01 708,642 --sha-w C:\WINDOWS\system32\xybeg.bak1
2007-03-15 19:02 760,611 --sha-w C:\WINDOWS\system32\xybeg.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D96FC58-CF1C-491B-964B-F6CA7D8EE569}]
2007-11-29 19:20 335968 --a------ C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-11-28 16:05 23696 --a------ C:\WINDOWS\system32\jkkkjii.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74D11412-E762-4313-B75F-33A41FFF1683}]
C:\WINDOWS\system32\ddcya.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-28 19:49]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 05:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 15:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 23:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 23:30]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 12:45]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 21:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 02:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-24 10:19]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-24 10:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 10:19]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 08:48 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\darren\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-08-04 21:07:13]

C:\Documents and Settings\gavin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\jkkkjii.dll [2007-11-28 16:05 23696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjii]
jkkkjii.dll 2007-11-28 16:05 23696 C:\WINDOWS\system32\jkkkjii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjgh]
nnnmjgh.dll 2007-11-28 16:11 23696 C:\WINDOWS\system32\nnnmjgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhg.dll

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 memsysdrv;Memory System;\??\C:\WINDOWS\system32\drivers\memsysdrv.sys
S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s117bus.sys
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s117mdm.sys
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\WINDOWS\system32\DRIVERS\s117nd5.sys
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s117obex.sys
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\WINDOWS\system32\DRIVERS\s117unic.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 20:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-02 02:40:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-15 23:40:19 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.exe
- C:\Program Files\ErrorKiller
"2007-12-02 00:46:06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB691369-3B7E-4FEC-8DBD-E4F5DBADAE91}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-11-30 16:00:00 C:\WINDOWS\Tasks\{01446432-928B-40A1-908E-9BDB3AB85981}_D6MMGY1J_darren.job"
- C:\WINDOWS\system32\mobsync.exe
"2007-11-30 16:00:00 C:\WINDOWS\Tasks\{273B9BE8-93E9-474D-A04C-41E352062AAC}_D6MMGY1J_darren.job"
- C:\WINDOWS\system32\mobsync.exe
"2007-11-30 09:00:05 C:\WINDOWS\Tasks\{AB731211-4554-43DF-9378-5E2E867C2726}_D6MMGY1J_darren.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 02:37:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Edited by HIGHTOWER, 02 December 2007 - 02:12 PM.


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 02 December 2007 - 05:32 AM

Click Start/Control Panel/Add or Remove Programs and remove ErrorKiller and iWin if present, then restart your PC.

Please disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Disable Spywareguard or it will interfere.
Right click the running icon of Spywareguard in the system tray to open the program.
Then go to Menu/File, choose Exit.
It will automatically restart at next boot.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\drvjuv.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\nnnmjgh.dll
C:\WINDOWS\system32\jkkkjii.dll
C:\WINDOWS\system32\fccywvs.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\pcpevoke.exe
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\Documents and Settings\darren\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Folder::
C:\Program Files\iWin.com
C:\Documents and Settings\All Users\Application Data\Win
C:\Documents and Settings\All Users\Application Data\iWin Games
C:\Documents and Settings\gavin\Application Data\ErrorKiller
C:\Program Files\ErrorKiller
C:\Documents and Settings\darren\Application Data\ErrorKiller
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D96FC58-CF1C-491B-964B-F6CA7D8EE569}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74D11412-E762-4313-B75F-33A41FFF1683}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjii]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjgh]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0
Service::
Boonty Games

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 HIGHTOWER

HIGHTOWER
  • Topic Starter

  • Members
  • 58 posts

Posted 02 December 2007 - 02:06 PM

Hello Richie, I am sorry it's taken so long, but I have been trying to work things out, so hopefully I have now, mate :thumbsup:
ComboFix 07-12-02.5 - gavin 2007-12-02 18:22:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT 0:00]
Running from: C:\Documents and Settings\gavin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\gavin\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\Documents and Settings\darren\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\WINDOWS\system32\drvjuv.dll
C:\WINDOWS\system32\fccywvs.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jkkkjii.dll
C:\WINDOWS\system32\nnnmjgh.dll
C:\WINDOWS\system32\pcpevoke.exe
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\iWin Games
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17032704-0510-0876-8932-28640F0FF0IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17033405-0293-0928-1131-05110F0FF8IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17033605-0710-0968-3562-10280F0FF0IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17035303-0361-0921-6251-43300F0FF9IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17035403-0479-0330-2602-60950F0FF0IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17035404-0603-0683-0962-60730F0FF0IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17035506-0588-0019-9212-07570F0FF1IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17035600-0635-0406-9452-35840F0FF2IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17035605-0583-0213-4312-94460F0FF2IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17135418-6717-0884-2812-36088F0FF2IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17333768-0154-0324-7263-42450F0FF0EB}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17333856-9739-0629-4363-26241F0FF0IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17335009-6008-0564-3511-69495F0FF9IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17335529-3345-0789-3812-61173F0FF6IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data\{17335633-6331-0981-8902-72805F0FF8IW}.dta
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1732745108768932864_TriPeaks.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1733452939281130511_WorldClassSolitaire.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1733657109683561028_hoyle_miami_solitaire.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1733781543247264245_JewelQuest2.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1733867396294362624_Ravenhearst.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1734218006490304541_fgt_nt.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1734224644795941692_Secrets.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1734297371309165884_academy.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735090085643516949_Lottso2.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735333619216254330_Hawaiian Explorer Pearl Harbor.exe.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735434793302606095_Pirateville.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735446036830966073_ac.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735487178842813608_BurgerShop.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735565880199210757_Hidden Relics.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735593457893816117_FashionFits.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735606354069453584_AmazingAdventures.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735606375412066066_AbraAcademy2.ifn.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735633319818907280_Finders Keepers.exe.stdat
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\drm_1735655832134319446_BabySittingMania.ifn.stdat
C:\Documents and Settings\All Users\Application Data\Win
C:\Documents and Settings\All Users\Application Data\Win\Amazing Adventures\highscore.mse
C:\Documents and Settings\All Users\Application Data\Win\Amazing Adventures\lolly.mse
C:\Documents and Settings\All Users\Application Data\Win\Amazing Adventures\options.mso
C:\Documents and Settings\All Users\Application Data\Win\Amazing Adventures\players.mse
C:\Documents and Settings\darren\Application Data\ErrorKiller
C:\Documents and Settings\darren\Application Data\ErrorKiller\Log\2007 Nov 15 - 11_13_53 PM_968.log
C:\Documents and Settings\darren\Application Data\ErrorKiller\Log\2007 Nov 15 - 11_13_58 PM_875.log
C:\Documents and Settings\darren\Application Data\ErrorKiller\Registry Backups\2007-11-15_23-15-33.reg
C:\Documents and Settings\darren\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\Documents and Settings\gavin\Application Data\ErrorKiller
C:\Documents and Settings\gavin\Application Data\ErrorKiller\Log\2007 Nov 15 - 11_39_53 PM_906.log
C:\Documents and Settings\gavin\Application Data\ErrorKiller\Log\2007 Nov 15 - 11_40_17 PM_250.log
C:\Program Files\ErrorKiller
C:\Program Files\ErrorKiller\Errors.stg
C:\Program Files\ErrorKiller\Log\log_2007_11_29_21_50_02.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_21_50_06.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_22_02_18.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_22_02_26.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_22_02_53.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_22_02_59.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_22_53_14.eklog
C:\Program Files\ErrorKiller\Log\log_2007_11_29_23_15_14.eklog
C:\Program Files\ErrorKiller\Registry Backups\2007-11-29_21-57-49.reg
C:\Program Files\iWin.com
C:\Program Files\iWin.com\Babysitting Mania\GLWorker.exe
C:\Program Files\iWin.com\Hidden Relics\GameLauncher.exe
C:\Program Files\iWin.com\Hoyle Miami Solitaire\GameLauncher.exe
C:\Program Files\iWin.com\Tri-Peaks Solitaire To Go\GameLauncher.exe
C:\WINDOWS\system32\fccywvs.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jkkkjii.dll
C:\WINDOWS\system32\nnnmjgh.dll
C:\WINDOWS\system32\pcpevoke.exe
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 02:38 . 2007-12-02 18:33 323,650 --ahs---- C:\WINDOWS\system32\ghkmp.ini2
2007-12-02 02:38 . 2007-12-02 18:35 323,650 --ahs---- C:\WINDOWS\system32\ghkmp.ini
2007-12-01 20:38 . 2007-12-01 21:03 <DIR> d-------- C:\Program Files\Fab Fashion
2007-11-30 22:03 . 2007-11-30 22:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-28 18:17 . 2007-11-29 15:18 <DIR> d-------- C:\Program Files\Alawar
2007-11-26 18:25 . 2007-11-26 18:25 <DIR> d-------- C:\Program Files\Atari
2007-11-25 17:04 . 2007-11-25 18:41 <DIR> d-------- C:\Program Files\Bonnie's Bookstore
2007-11-25 13:21 . 2007-11-25 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-11-25 13:20 . 2007-11-25 18:41 <DIR> d-------- C:\Program Files\Christmasville
2007-11-23 21:27 . 2007-11-23 21:27 <DIR> d-------- C:\Program Files\Most Popular Solitaire
2007-11-23 21:25 . 2007-11-23 21:25 <DIR> d-------- C:\Program Files\goodsol
2007-11-23 21:05 . 2007-11-23 21:05 <DIR> d-------- C:\Program Files\SolSuite
2007-11-23 21:05 . 2007-11-23 21:11 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\SolSuite
2007-11-23 21:05 . 2007-11-23 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
2007-11-23 19:32 . 2007-12-02 18:41 22,179,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-23 19:32 . 2007-12-02 18:41 254,684 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 19:25 . 2007-11-23 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-22 18:31 . 2007-11-22 18:34 <DIR> d-------- C:\Program Files\Absolutist.com
2007-11-22 16:04 . 2007-11-22 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-11-20 19:10 . 2007-11-20 19:10 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\Sony
2007-11-20 17:37 . 2007-11-20 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Reflexive
2007-11-20 11:15 . 2007-11-23 11:57 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-20 11:15 . 2007-11-20 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-20 11:14 . 2007-11-20 11:14 <DIR> d-------- C:\Documents and Settings\ricki\Application Data\InstallShield
2007-11-20 11:14 . 2007-11-20 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-20 11:11 . 2007-11-20 11:11 <DIR> d-------- C:\Documents and Settings\ricki\Application Data\Sony
2007-11-20 11:11 . 2007-11-20 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2007-11-20 11:07 . 2007-11-20 11:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-11-19 14:20 . 2007-11-19 14:20 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\GamesForOne
2007-11-19 14:20 . 2007-11-19 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GamesForOne
2007-11-16 20:39 . 2007-11-16 21:44 <DIR> d-------- C:\Program Files\Gamesville
2007-11-16 20:33 . 2007-11-22 18:15 <DIR> d-------- C:\Program Files\Hardwood Solitaire III
2007-11-15 23:16 . 2007-11-29 00:29 <DIR> d-------- C:\Program Files\RegistryFix
2007-11-12 21:46 . 2007-11-12 21:46 <DIR> d-------- C:\Documents and Settings\lorraine\Application Data\Oberon Media
2007-11-10 19:43 . 2007-11-10 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2007-11-03 20:40 . 2007-11-06 14:08 <DIR> d-------- C:\Program Files\Hawaiian Explorer Pearl Harbor
2007-11-03 18:56 . 2007-11-03 20:05 <DIR> d-------- C:\Program Files\Digital Smoke
2007-11-03 12:12 . 2007-11-03 17:24 <DIR> d-------- C:\Program Files\1503 AD Demo
2007-11-02 19:29 . 2007-11-02 19:29 <DIR> d-------- C:\Program Files\Activision Value
2007-11-02 19:24 . 2007-11-03 12:25 <DIR> d-------- C:\Documents and Settings\darren\Application Data\GetRightToGo
2007-11-02 17:30 . 2007-11-02 19:03 <DIR> d-------- C:\Program Files\El Dorado Quest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 15:32 --------- d-----w C:\Program Files\Dl_cats
2007-12-01 20:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 20:32 --------- d-----w C:\Program Files\Virgin Media Games
2007-12-01 01:13 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 22:53 --------- d-----w C:\Documents and Settings\gavin\Application Data\AVG7
2007-11-30 18:00 --------- d-----w C:\Documents and Settings\lorraine\Application Data\PlayFirst
2007-11-30 11:27 --------- d-----w C:\Documents and Settings\lorraine\Application Data\AVG7
2007-11-30 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-30 00:21 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-29 21:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-29 16:33 --------- d-----w C:\Program Files\MSN Games
2007-11-29 00:05 --------- d-----w C:\Program Files\SpywareGuard
2007-11-28 21:36 --------- d-----w C:\Documents and Settings\darren\Application Data\uTorrent
2007-11-28 20:10 --------- d-----w C:\Documents and Settings\darren\Application Data\AVG7
2007-11-28 19:37 --------- d-----w C:\Program Files\Sports Interactive
2007-11-27 19:11 --------- d-----w C:\Documents and Settings\lorraine\Application Data\uTorrent
2007-11-27 17:47 --------- d-----w C:\Program Files\Oberon Media
2007-11-26 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-26 15:21 --------- d-----w C:\Program Files\Common Files\Real
2007-11-24 22:53 --------- d-----w C:\Documents and Settings\darren\Application Data\Sports Interactive
2007-11-13 17:35 --------- d-----w C:\Program Files\Games
2007-11-12 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Media
2007-11-11 22:24 22,017,865 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-05 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-04 21:26 --------- d-----w C:\Program Files\Activision
2007-10-31 16:47 --------- d-----w C:\Documents and Settings\lorraine\Application Data\EleFun Games
2007-10-31 16:15 --------- d-----w C:\Program Files\MSN Messenger
2007-10-29 20:55 --------- d-----w C:\Program Files\Hoyle Miami Soliaire
2007-10-28 17:32 --------- d-----w C:\Documents and Settings\lorraine\Application Data\GameHouse
2007-10-25 13:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-10-24 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2007-10-22 20:29 --------- d--h--w C:\Program Files\Zero G Registry
2007-10-21 10:41 --------- d-----w C:\Program Files\BFG
2007-10-19 16:37 --------- d-----w C:\Program Files\Jewel Craft
2007-10-17 13:50 --------- d-----w C:\Program Files\ReflexiveArcade
2007-10-15 15:34 --------- d-----w C:\Documents and Settings\lorraine\Application Data\Abra Academy2
2007-10-14 14:22 --------- d-----w C:\Program Files\RealArcade
2007-10-14 13:28 --------- d-----w C:\Documents and Settings\lorraine\Application Data\Pogo Games
2007-10-10 18:31 --------- d-----w C:\Documents and Settings\lorraine\Application Data\Legends of pirates
2007-10-09 11:39 --------- d-----w C:\Documents and Settings\lorraine\Application Data\funkitron
2007-10-09 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\eGames
2007-10-09 09:12 --------- d-----w C:\Documents and Settings\lorraine\Application Data\eGames
2007-10-07 10:15 --------- d-----w C:\Program Files\Java
2007-10-04 18:09 --------- d-----w C:\Documents and Settings\lorraine\Application Data\ForgottenRiddles
2007-10-03 17:57 --------- d-----w C:\Program Files\Macrogaming
2007-10-02 22:33 --------- d-----w C:\Documents and Settings\gavin\Application Data\VideoEgg
2007-09-06 16:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-08-05 10:12 18,119,542 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_05_04_41_40_full.dmp.zip
2007-08-05 10:11 93,726 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_04_41_48_small.dmp.zip
2007-08-05 10:11 121,259 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_05_42_28_small.dmp.zip
2007-08-05 10:11 119,644 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_04_36_12_small.dmp.zip
2007-08-05 10:11 113,594 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_05_06_20_47_small.dmp.zip
2007-03-24 08:01 39,705,952 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_23_20_37_20_full.dmp.zip
2007-03-24 07:55 40,693,034 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_03_23_20_35_48_full.dmp.zip
2007-03-17 00:51 2,062,665 ----a-w C:\Program Files\spywareguardsetup.exe
2007-03-17 00:28 370,312 ----a-w C:\Program Files\jre-6-windows-i586-iftw.exe
2007-03-16 23:57 39,994,008 ----a-w C:\Program Files\zlsSetup_70_302_000_en.exe
2006-12-27 11:18 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-09-21 20:21 1,493,848 ----a-w C:\Program Files\ccsetup133.exe
2006-09-21 19:25 13,714,856 ----a-w C:\Program Files\zlsSetup_65_737_000_en.exe
2006-08-17 13:09 746,600 ----a-w C:\Documents and Settings\lorraine\GDSSetup.exe
2006-08-17 13:09 558,248 ----a-w C:\Documents and Settings\lorraine\GoogleToolbarInstaller.exe
2006-03-16 19:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-12-30 20:16 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2002-07-01 14:13 218 --sha-w C:\Documents and Settings\All Users\Application Data\databack.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-28 19:49]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 05:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 15:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 23:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 23:30]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2005-04-22 12:45]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 21:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 02:24]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-24 10:19]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-24 10:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 10:19]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 08:48 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\gavin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhg.dll

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
S3 memsysdrv;Memory System;\??\C:\WINDOWS\system32\drivers\memsysdrv.sys
S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s117bus.sys
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s117mdm.sys
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\WINDOWS\system32\DRIVERS\s117nd5.sys
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s117obex.sys
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\WINDOWS\system32\DRIVERS\s117unic.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 20:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-02 18:40:15 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-02 00:46:06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB691369-3B7E-4FEC-8DBD-E4F5DBADAE91}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2007-11-30 16:00:00 C:\WINDOWS\Tasks\{01446432-928B-40A1-908E-9BDB3AB85981}_D6MMGY1J_darren.job"
- C:\WINDOWS\system32\mobsync.exe
"2007-11-30 16:00:00 C:\WINDOWS\Tasks\{273B9BE8-93E9-474D-A04C-41E352062AAC}_D6MMGY1J_darren.job"
- C:\WINDOWS\system32\mobsync.exeD /Schedule=
"2007-11-30 09:00:05 C:\WINDOWS\Tasks\{AB731211-4554-43DF-9378-5E2E867C2726}_D6MMGY1J_darren.job"
- C:\WINDOWS\system32\mobsync.exe

Edited by HIGHTOWER, 02 December 2007 - 02:11 PM.
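A triage helper of the kind a malware responder would run over the 'Reg Loading Points' section of the two ComboFix logs above, added here as an example (it is not part of the thread and not ComboFix's own code). It parses the section, flags the load points the CFScript targeted (Winlogon Notify, LSA Authentication Packages, ShellExecuteHooks, Browser Helper Objects) plus AppInit_DLLs, and reports which flagged entries are still present in the second log; the excerpts embedded below are copied from the two logs posted in this thread.

```python
# Triage helper for the 'Reg Loading Points' section of a ComboFix log.
# ComboFix hides entries it knows to be default or legitimate, so anything
# it does print under a persistence key deserves a look.
import re

# Excerpts copied from the two ComboFix logs posted in this thread:
# BEFORE is the first run, AFTER is the run made with the CFScript.
BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-11-28 16:05 23696 --a------ C:\WINDOWS\system32\jkkkjii.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74D11412-E762-4313-B75F-33A41FFF1683}]
C:\WINDOWS\system32\ddcya.dll

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\jkkkjii.dll [2007-11-28 16:05 23696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjii]
jkkkjii.dll 2007-11-28 16:05 23696 C:\WINDOWS\system32\jkkkjii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjgh]
nnnmjgh.dll 2007-11-28 16:11 23696 C:\WINDOWS\system32\nnnmjgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhg.dll
"""

AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhg.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# A Windows path up to a DLL/EXE/SYS extension; tolerates spaces in the path.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b", re.IGNORECASE)


def parse_loading_points(text):
    """Return {registry key (lower-cased): [value lines]} for the section."""
    points, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            current = None          # a blank line ends the current key block
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            points.setdefault(current, [])
        elif current is not None:
            points[current].append(line)
    return points


def flag(points):
    """Return sorted (load point, item) pairs that a responder should review."""
    findings = set()
    for key, values in points.items():
        if key.endswith(r"\control\lsa"):
            # Only msv1_0 belongs here on a default XP install; any extra
            # package is loaded into lsass.exe, which is why the script reset it.
            for v in values:
                if v.lower().startswith('"authentication packages"'):
                    for pkg in v.split("=", 1)[1].split():
                        if pkg.lower() != "msv1_0":
                            findings.add(("lsa authentication package", pkg))
        elif r"\winlogon\notify" in key:
            for p in PATH_RE.findall(" ".join(values)):
                findings.add(("winlogon notify package", p))
        elif key.endswith(r"\shellexecutehooks"):
            for p in PATH_RE.findall(" ".join(values)):
                findings.add(("shell execute hook", p))
        elif r"\browser helper objects\{" in key:
            for p in PATH_RE.findall(" ".join(values)):
                findings.add(("browser helper object", p))
        elif key.endswith(r"\currentversion\windows"):
            for v in values:
                if v.lower().startswith('"appinit_dlls"'):
                    for p in PATH_RE.findall(v):
                        findings.add(("appinit_dlls", p))
    return sorted(findings)


def persisting(before_text, after_text):
    """Flagged items present in both logs, i.e. not removed by the fix run."""
    before = set(flag(parse_loading_points(before_text)))
    after = set(flag(parse_loading_points(after_text)))
    return sorted(before & after)


if __name__ == "__main__":
    for rule, item in flag(parse_loading_points(BEFORE)):
        print("review", rule, item)
    print("still present in the second log:", persisting(BEFORE, AFTER))
```

Run against the two excerpts, the LSA entry is the one the responder would want to re-check, since it appears unchanged in the second log.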


#6 HIGHTOWER

HIGHTOWER
  • Topic Starter

  • Members
  • 58 posts

Posted 02 December 2007 - 02:10 PM

HERE IS THE HIJACKTHIS LOG AS WELL
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:25, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153938927562
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.ex

#7 RichieUK (Malware Response Team)

Posted 02 December 2007 - 06:02 PM

First make sure Spybot S&D's protection is still disabled, or it will interfere.

Copy and paste the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.

@echo off
sc stop BOONTY
sc delete BOONTY

Restart your pc.

Please download OTMoveIt by OldTimer, save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.ini

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your pc.

REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
; Authentication Packages is a REG_MULTI_SZ value; the hex(7) data is "msv1_0" followed by the two terminating nulls
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Have HijackThis fix the following if still present, by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Restart your pc.

Also post a new HijackThis log, and let me know how your pc is running now.

#8 HIGHTOWER (Topic Starter)

Posted 02 December 2007 - 07:12 PM

I am struggling here mate, so bear with me as this isn't a strong point, but this may be the results you're looking for :thumbsup:
File/Folder C:\WINDOWS\system32\ghkmp.ini2 not found.
File/Folder C:\WINDOWS\system32\ghkmp.ini not found.

Created on 12/03/2007 00:04:51
File/Folder C:\avenger.zip not found.
File/Folder C:\Avenger not found.
File/Folder C:\avenger.txt not found.
File/Folder C:\bfu.zip not found.
File/Folder C:\BFU not found.
File/Folder C:\combofix.exe not found.
File/Folder C:\QooBox not found.
C:\ComboFix*.txt moved successfully.
C:\ComboFix*.txt moved successfully.
C:\Documents and Settings\gavin\Desktop\ComboFix*.txt moved successfully.
C:\WINDOWS\ComboFix*.txt moved successfully.
C:\WINDOWS\system32\ComboFix*.txt moved successfully.
C:\WINDOWS\system32\drivers\ComboFix*.txt moved successfully.
File/Folder C:\catchme.exe not found.
File/Folder C:\nircmd.exe not found.
File/Folder C:\swreg.exe not found.
File/Folder C:\Swxcacls.exe not found.
File/Folder C:\Swsc.exe not found.
File/Folder C:\dss.exe not found.
File/Folder C:\Deckard not found.
File/Folder C:\FindAWF.exe not found.
File/Folder C:\AWF.txt not found.
File/Folder C:\fixwareout.exe not found.
File/Folder C:\fixwareout not found.
File/Folder C:\fsbl.exe not found.
C:\fsbl*.log moved successfully.
C:\fsbl*.log moved successfully.
C:\Documents and Settings\gavin\Desktop\fsbl*.log moved successfully.
C:\WINDOWS\fsbl*.log moved successfully.
C:\WINDOWS\system32\fsbl*.log moved successfully.
C:\WINDOWS\system32\drivers\fsbl*.log moved successfully.
File/Folder C:\gmer.exe not found.
File/Folder C:\gmer.dll not found.
File/Folder C:\gmer.ini not found.
File/Folder C:\gmer.log not found.
File/Folder C:\gmer_uninstall.cmd not found.
File/Folder C:\gmer.sys not found.
Unable to delete service gmer.
File/Folder C:\haxfix.exe not found.
File/Folder C:\haxfix.txt not found.
File/Folder C:\killbox.exe not found.
File/Folder C:\!Killbox not found.
File/Folder C:\NoLop.exe not found.
File/Folder C:\NoLop.txt not found.
File/Folder C:\NoLopOLD.txt not found.
File/Folder C:\delete.bat not found.
File move failed. C:\Documents and Settings\gavin\Desktop\OTMoveIt.exe scheduled to be moved on reboot.
File/Folder C:\_OTMoveIt not found.
File/Folder C:\rustbfix.exe not found.
File/Folder C:\Rustbfix not found.
File/Folder C:\sdfix.exe not found.
File/Folder C:\SDFix not found.
File/Folder C:\SmitfraudFix.exe not found.
File/Folder C:\SmitfraudFix not found.
File/Folder C:\rapport.txt not found.
File/Folder C:\SysInsite not found.
File/Folder C:\VundoFix.exe not found.
File/Folder C:\VundoFix Backups not found.
File/Folder C:\vundofix.txt not found.
File/Folder C:\win32delfkil.exe not found.
File/Folder C:\_backupD not found.
File/Folder C:\windelf.txt not found.
File/Folder C:\winpfind.exe not found.
File/Folder C:\WinPfind not found.
File/Folder C:\winpfind3u.exe not found.
File/Folder C:\WinPFind3u not found.
C:\cleanup.txt moved successfully.
File move failed. C:\Documents and Settings\gavin\Desktop\OTMoveIt.exe scheduled to be moved on reboot.

#9 HIGHTOWER (Topic Starter)

Posted 02 December 2007 - 07:37 PM

Here is my logfile mate, and so far no threats and the computer is running ok :thumbsup:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:29:01, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153938927562
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
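
The point of posting a second HijackThis log after fix.bat and the reboot is to compare it with the earlier one: the Boonty O23 service entry should be gone and nothing new should have appeared. The Python below is an added example written for this thread, not HijackThis code and not RichieUK's own tooling. It parses the 'Running processes' list and the R*/F*/O* entry lines of a "before" and an "after" log, diffs them, checks that the entries the helper asked to have fixed are really gone, and lists the O20 AppInit_DLLs and 'Unknown owner' O23 services a helper still looks at by hand. The two sample logs inside it are constructed from a few lines of the logs in this thread and are heavily abbreviated.

```python
"""Diff two HijackThis logs to confirm that a fix removed the targeted entries.

Added example for this thread: not HijackThis code and not the helper's own
tooling. The two sample logs are constructed from a few lines of the logs
posted in the thread and are heavily abbreviated.
"""
import re
from typing import Dict, List

# HijackThis entry lines start with a section code (R0..R3, F0..F3, O1..O24).
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")

# Constructed "before" sample: abbreviated log from before the Boonty fix.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Constructed "after" sample: abbreviated log from after fix.bat and the reboot.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# The entry the helper asked HijackThis to fix "if still present".
BOONTY_LINE = ("O23 - Service: Boonty Games - BOONTY - "
               r"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe")


def parse_log(text: str) -> Dict[str, Dict[str, str]]:
    """Split a log into {'processes': {...}, 'entries': {...}}.

    Each inner dict maps a lower-cased key to the original line, because HJT
    prints the same path as System32 in one place and system32 in another.
    """
    processes: Dict[str, str] = {}
    entries: Dict[str, str] = {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False
            entries[line.lower()] = line
        elif in_processes:
            processes[line.lower()] = line
    return {"processes": processes, "entries": entries}


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Report entries and processes that vanished or appeared between two logs."""
    b, a = parse_log(before), parse_log(after)
    report: Dict[str, List[str]] = {}
    for kind, gone_key, new_key in (("entries", "entries_removed", "entries_added"),
                                    ("processes", "processes_gone", "processes_new")):
        report[gone_key] = sorted(b[kind][k] for k in b[kind].keys() - a[kind].keys())
        report[new_key] = sorted(a[kind][k] for k in a[kind].keys() - b[kind].keys())
    return report


def still_present(log: str, expected_gone: List[str]) -> List[str]:
    """Lines from expected_gone that the log still carries (empty once the fix worked)."""
    present = parse_log(log)["entries"]
    return [e for e in expected_gone if e.strip().lower() in present]


def needs_review(log: str) -> List[str]:
    """Entries a helper normally checks by hand: O20 AppInit_DLLs and O23
    services HijackThis could not attribute to a vendor ('Unknown owner')."""
    flagged = []
    for line in parse_log(log)["entries"].values():
        section = ENTRY_RE.match(line).group("section")
        if section == "O20" or (section == "O23" and "Unknown owner" in line):
            flagged.append(line)
    return sorted(flagged)


if __name__ == "__main__":
    for name, lines in diff_logs(BEFORE, AFTER).items():
        print(name, *lines, sep="\n  ")
    print("still present:", still_present(AFTER, [BOONTY_LINE]))
    print("review by hand:", *needs_review(AFTER), sep="\n  ")
```

Run it as a script to print the report; to check the real logs, read the two posted logs into BEFORE and AFTER and pass the O23 Boonty line to still_present. The lower-casing is deliberate: HijackThis writes System32 and system32 for the same path in one log, and a naive line diff would report those as changes.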

#10 RichieUK (Malware Response Team)

Posted 03 December 2007 - 04:16 AM

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Run 'ESET Online Scanner' using Internet Explorer:
http://www.eset.com/onlinescan/
Place a check in the box 'YES, I accept the Terms of Use' after reading.
Then click 'Start'.
Allow the ActiveX control to install.
Then click 'Start' in the 'ESET Online Scanner' window.
Place a check in the box 'Remove found threats'.
Leave the box 'Scan unwanted applications' blank.
Then press 'Scan'.
The scan will take some time, so please be patient.
Once the scan has finished, post the entire contents of the logfile:
C:\Program Files\EsetOnlineScanner\log.txt

Also post a new HijackThis log.

#11 HIGHTOWER (Topic Starter)

Posted 03 December 2007 - 03:42 PM

Here is the SuperAntiSpyware log report, Richie.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2007 at 08:23 PM

Application Version : 3.9.1008

Core Rules Database Version : 3353
Trace Rules Database Version: 1352

Scan type : Complete Scan
Total Scan Time : 01:28:42

Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 9510
Registry threats detected : 24
File items scanned : 58994
File threats detected : 235

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{A6FEA4FF-5A52-4EA0-9159-3CAC8A79F246}
HKCR\CLSID\{A6FEA4FF-5A52-4EA0-9159-3CAC8A79F246}
HKCR\CLSID\{A6FEA4FF-5A52-4EA0-9159-3CAC8A79F246}\InprocServer32
HKCR\CLSID\{A6FEA4FF-5A52-4EA0-9159-3CAC8A79F246}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWVTU.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{AB859EC8-32C2-462C-BA18-C9F99EBF7B2A}
HKCR\CLSID\{AB859EC8-32C2-462C-BA18-C9F99EBF7B2A}
HKCR\CLSID\{AB859EC8-32C2-462C-BA18-C9F99EBF7B2A}\InprocServer32
HKCR\CLSID\{AB859EC8-32C2-462C-BA18-C9F99EBF7B2A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKHFG.DLL
HKLM\Software\Classes\CLSID\{FB6F127D-32EC-46A8-9DFE-EC881D081187}
HKCR\CLSID\{FB6F127D-32EC-46A8-9DFE-EC881D081187}
HKCR\CLSID\{FB6F127D-32EC-46A8-9DFE-EC881D081187}\InprocServer32
HKCR\CLSID\{FB6F127D-32EC-46A8-9DFE-EC881D081187}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEBCA.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{1EB27C5E-3DF4-41E2-B51A-D80F812D561D}

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SAIX.dll#{DECEAAA2-370A-49BB-9362-68C3A58DDC62}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\SAIX.dll [  ]

Adware.Zango Toolbar/Hb
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\InprocServer32#ThreadingModel
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\ProgID
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\Programmable
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\TypeLib
HKCR\CLSID\{8109FD3D-D891-4F80-8339-50A4913ACE6F}\VersionIndependentProgID

Adware.IWinGames
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP273\A0245448.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP277\A0249934.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0253513.DLL

Trojan.Downloader-Gen/BigTkt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0252337.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0252338.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0252339.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP280\A0252340.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\XYBEG.I

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 03 December 2007 - 05:52 PM

Thanks, now carry on with the ESET Online Scanner instructions please.

#13 HIGHTOWER

HIGHTOWER
  • Topic Starter

  • Members
  • 58 posts

Posted 03 December 2007 - 07:27 PM

Here is the HijackThis logfile mate
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:07, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153938927562
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13315 bytes

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 03 December 2007 - 08:18 PM

I got your PM, please run the following:
Please run this online virus scan: ActiveScan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.
Copy and paste the contents of that report in your next reply.

#15 HIGHTOWER

HIGHTOWER
  • Topic Starter

  • Members
  • 58 posts

Posted 04 December 2007 - 05:34 PM

Here is the activescan log report mate
Incident Status Location

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\darren\Cookies\darren@888[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\darren\Cookies\darren@errorsafe[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\darren\Cookies\darren@www.errorsafe[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\gavin\Cookies\gavin@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\gavin\Cookies\gavin@advertising[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\gavin\Cookies\gavin@statcounter[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\gavin\Cookies\gavin@tradedoubler[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@112.2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@advertising[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@anm.co[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@doubleclick[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@int.sitestat[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@int.sitestat[3].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\lorraine\Cookies\lorraine@web.tickle[1].txt
Hacktool:HackTool/KillProcWin.A Not disinfected C:\Documents and Settings\lorraine\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat[simple_killw.exe]
Spyware:Cookie/217.73.66.16 Not disinfected C:\Documents and Settings\ricki\Cookies\ricki@217.73.66[2].txt
Adware:Adware/SweetBar Not disinfected C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
Virus:Trj/Keylog.LH