
Computer Possibly Infected With Adware, Malware, And Other Viruses.


This topic is locked
28 replies to this topic

#1 Vile

Posted 23 December 2007 - 03:52 PM

Help would be greatly appreciated in minimalizing this problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:32 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
F:\New Folder\Alcohol 120 -\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\DILLON~1\APPLIC~1\SSTEM~1\nopdb.exe
C:\Documents and Settings\Dillon Williams\Application Data\M?crosoft\ping.exe
C:\Program Files\Router\Router.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MTV Networks\VOpt\MTVOptQueue.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/Login?partne...llsbc.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [b4bb10c4] rundll32.exe "C:\WINDOWS\system32\hpmvtxic.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\DILLON~1\APPLIC~1\SSTEM~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Kgerrseh] "C:\Documents and Settings\Dillon Williams\Application Data\M?crosoft\ping.exe"
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MTV Networks Video Optimizer.lnk = C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ff93afadc6f7420a954ec6717d059d88
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ff93afadc6f7420a954ec6717d059d88
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://streak.fimc.net:8000/Java/cfs31229.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2329c596b8a53e...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120946552093
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123968898653
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://hollagram.bet.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ise/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21.1/ttinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\New Folder\Alcohol 120 -\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsy.html

--
End of file - 13814 bytes




#2 SifuMike (malware expert)

Posted 24 December 2007 - 05:30 PM

Hello Vile

I am SifuMike and I will be helping you. :thumbsup:

Any idea where you got whataboutadog from?

Whether or not it's helpful, we're interested in knowing where it came from so that we can get it ourselves. We need to further analyze this infection. We've had reports of users becoming infected while looking for Vanessa Anne Hudgens pics.


Download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, the Find AWF report, is produced that we need to look at.
Please post it in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Vile (Topic Starter)

Posted 24 December 2007 - 10:30 PM

Not sure where I obtained whataboutadog from exactly. Anyway, as I had started the scan, I got a popup looking like this:

Posted Image


End Scan Report:

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 12/24/2007
The current time is: 21:04:33.64


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report



#4 SifuMike (malware expert)

Posted 24 December 2007 - 11:00 PM

Hi Vile,

You are probably missing the autoexec.nt in your system32 folder.
There should be a copy in the C:\Windows\repair folder that can be copied and pasted to the c:\Windows\system32 folder.

Sometimes, config.nt will also be missing from the C:\Windows\system32 folder.
There should be a copy of it in the C:\Windows\repair folder also.
If it too is missing, then copy and paste it to your c:\Windows\system32 folder.


Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'.



After you copy and paste those two files into c:\Windows\system32, run FindAWF with option 1 and it should work.

Edited by SifuMike, 24 December 2007 - 11:00 PM.


#5 Vile (Topic Starter)

Posted 24 December 2007 - 11:49 PM

Scan results:

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 12/24/2007
The current time is: 22:18:19.37


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DIGSTR~1\BAK

05/18/2005 01:49 PM 282,624 digstream.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/18/2005 11:58 AM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

08/19/2003 04:43 AM 57,344 lxbkbmgr.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

06/03/2004 02:50 AM 204,800 point32.exe
1 File(s) 204,800 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/06/2005 03:55 PM 77,824 qttask.exe
1 File(s) 77,824 bytes

Directory of C:\PROGRA~1\WI4DF6~1\BAK

10/06/2005 06:12 PM 368,128 WMCCFG.exe
1 File(s) 368,128 bytes

Directory of C:\WINDOWS\KDX\BAK

01/20/2004 10:45 AM 1,757,184 KHost.exe
1 File(s) 1,757,184 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/14/2002 05:22 PM 28,672 DSentry.exe
08/20/2002 09:29 AM 40,960 ezSP_Px.exe
09/03/2002 10:39 AM 358,912 regscan.exe
3 File(s) 428,544 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

12/21/2004 02:26 PM 32,768 cli.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

07/19/2003 08:10 PM 335,872 atiptaxx.exe
1 File(s) 335,872 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

03/23/2006 03:43 PM 53,408 ccApp.exe
1 File(s) 53,408 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

07/26/2007 06:51 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\THEWEA~1\DESKTO~1\BAK

04/19/2006 08:30 AM 728,176 DesktopWeather.exe
1 File(s) 728,176 bytes

Directory of C:\PROGRA~1\VALVE\STEAM\BAK

10/21/2007 12:29 PM 1,271,032 Steam.exe
1 File(s) 1,271,032 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

12/26/2003 03:57 PM 1,531,904 ypager.exe
1 File(s) 1,531,904 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/03/2004 11:31 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\WINDOWS\IME\IMKR6_1\BAK

08/29/2002 04:00 AM 44,032 IMEKRMIG.EXE
1 File(s) 44,032 bytes

Directory of C:\PROGRA~1\COMMON~1\DELL\EUSW\BAK

06/24/2003 09:46 AM 245,760 Support.exe
1 File(s) 245,760 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

12/27/2004 04:24 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\CREATIVE\SBLIVE\DIAGNO~1\BAK

04/03/2002 12:01 AM 135,264 diagent.exe
1 File(s) 135,264 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~3.0_0\BIN\BAK

07/26/2006 02:03 AM 49,263 jusched.exe
1 File(s) 49,263 bytes


12/17/2002 11:28 AM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\SBCYAH~1\CONNEC~1\IPINSI~1\BAK

08/19/2002 10:12 AM 98,304 IPMon32.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\MSNAPP~1\UPDATER\010230~1.100\EN-US\BAK

08/13/2004 04:41 PM 86,016 msnappau.exe
1 File(s) 86,016 bytes

Directory of C:\DOCUME~1\USER~1\LOCALS~1\TEMP\SBCCMAN\SPRT\VAULT\NE\NETWOR~1.BAK

07/19/2002 12:12 AM 1,061 2196_556c29a5c_
1 File(s) 1,061 bytes

Directory of C:\DOCUME~1\USER~1\LOCALS~1\TEMP\SBCCMAN\SPRT\VAULT\WI\WIRING~1.BAK

07/19/2002 12:12 AM 125 40_5357ad65e_
07/19/2002 12:12 AM 128 41_5bc212c48_
2 File(s) 253 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

26636 Oct 21 2007 "C:\Program Files\DIGStream\digstream.exe"
282624 May 18 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
26636 Oct 21 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Documents and Settings\UserName\My Documents\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "F:\iTunes\iTunesHelper.exe"
26636 Oct 21 2007 "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe"
26636 Oct 21 2007 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
204800 Jun 3 2004 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
26636 Oct 21 2007 "C:\Program Files\QuickTime\qttask.exe"
77824 Dec 6 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
26636 Oct 21 2007 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
368128 Oct 6 2005 "C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
26636 Oct 21 2007 "C:\WINDOWS\kdx\KHost.exe"
1757184 Jan 20 2004 "C:\WINDOWS\kdx\bak\KHost.exe"
26636 Oct 21 2007 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
40960 Aug 20 2002 "C:\WINDOWS\SYSTEM32\ezSP_Px.exe"
40960 Aug 20 2002 "C:\WINDOWS\SYSTEM32\bak\ezSP_Px.exe"
26636 Oct 21 2007 "C:\WINDOWS\SYSTEM32\regscan.exe"
358912 Sep 3 2002 "C:\WINDOWS\SYSTEM32\bak\regscan.exe"
26636 Oct 21 2007 "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
32768 Dec 21 2004 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
26636 Oct 21 2007 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
335872 Jul 19 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
53408 Mar 23 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
52896 Jan 11 2006 "C:\Documents and Settings\UserName\Local Settings\Temp\NAV 12.2.0.13\Support\ccCommon\ccCommon\ccApp.exe"
52272 Feb 2 2007 "C:\Program Files\Google\googletoolbar4user.exe"
434241 Jun 25 2005 "C:\Program Files\Google\Google Earth Plus\GoogleEarth.exe"
27152 Oct 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
10562512 Jun 29 2005 "C:\Documents and Settings\UserName\My Documents\HTML\GoogleEarth.exe"
138168 Feb 2 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 26 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
26636 Oct 21 2007 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
728176 Apr 19 2006 "C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe"
26636 Oct 21 2007 "C:\Program Files\Valve\Steam\Steam.exe"
1271032 Oct 21 2007 "C:\Program Files\Valve\Steam\bak\Steam.exe"
1249280 Aug 12 2005 "F:\New Folder\Valve\Steam\Steam.exe"
27152 Oct 10 2007 "C:\Program Files\Yahoo!\Messenger\ypager.exe"
1531904 Dec 26 2003 "C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
208952 Aug 3 2004 "C:\WINDOWS\IME\IMJP8_1\imjpmig.exe"
208952 Aug 3 2004 "C:\WINDOWS\IME\IMJP8_1\bak\IMJPMIG.EXE"
44032 Aug 29 2002 "C:\WINDOWS\IME\IMKR6_1\imekrmig.exe"
44032 Aug 29 2002 "C:\WINDOWS\IME\IMKR6_1\bak\IMEKRMIG.EXE"
26636 Oct 21 2007 "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
77824 May 27 2004 "C:\Program Files\Dell\Support\bin\Support.exe"
245760 Jun 24 2003 "C:\Program Files\Common Files\Dell\EUSW\bak\Support.exe"
323584 May 27 2004 "C:\Documents and Settings\All Users\Application Data\Dell\Alert\492\Support.exe"
26636 Oct 21 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Dec 27 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
26636 Oct 21 2007 "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"
32881 Sep 28 2004 "C:\Facade\util\j2re1.4.2_06\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
26636 Oct 21 2007 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
26636 Oct 21 2007 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
26636 Oct 21 2007 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32.exe"
98304 Aug 19 2002 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
26636 Oct 21 2007 "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
86016 Aug 13 2004 "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\bak\msnappau.exe"
1061 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\ne\networkinterfacecardtestfailure.htm.bak\2196_556c29a5c_"
125 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm.bak\40_5357ad65e_"
124 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm\41_5bc212c48_"
128 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm.bak\41_5bc212c48_"


end of report



#6 SifuMike (malware expert)

Posted 25 December 2007 - 12:49 AM

Hi Vile,

Looks like you have had this AWF infection for about two months.


Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\DIGStream\bak\digstream.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe"
"C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
"C:\WINDOWS\kdx\bak\KHost.exe"
"C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
"C:\WINDOWS\SYSTEM32\bak\ezSP_Px.exe"
"C:\WINDOWS\SYSTEM32\bak\regscan.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe"
"C:\Program Files\Valve\Steam\bak\Steam.exe"
"C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
"C:\WINDOWS\IME\IMJP8_1\bak\IMJPMIG.EXE"
"C:\WINDOWS\IME\IMKR6_1\bak\IMEKRMIG.EXE"
"C:\Program Files\Common Files\Dell\EUSW\bak\Support.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"
"C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
"C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
"C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\bak\msnappau.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please be patient, as it may take 15 or more minutes.

Please provide the new FindAWF log in your reply. Please do NOT put your logs in quote boxes as that makes them hard to read.

Edited by SifuMike, 25 December 2007 - 12:49 AM.

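The two judgements SifuMike makes in the post above (that the AWF infection started "about two months" before the scan, and which bak copies belong on the restore list) can both be read straight off the "Duplicate files of bak directory contents" section of Vile's report: every substituted executable is the same 26636-byte file dated Oct 21 2007, while its backup in the bak subfolder keeps the original size and date. The script below is an added example, not part of this thread and not FindAWF's own code (FindAWF is noahdfear's tool). It assumes only the line format shown in the report (size, modification date, quoted path), flags a bak/parent pair as substituted when the two sizes differ, emits the bak paths in the quoted form files.txt expects, and estimates the infection date from the most common timestamp of the substituted files. The helper's hand-made list above also includes pairs whose sizes match (ezSP_Px.exe); this rule deliberately reports only mismatches. The sample input is a constructed excerpt of the report, not a live scan.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt of the "Duplicate files of bak directory contents" section
# of the FindAWF report posted earlier in this thread (same line format:
# size, modification date, quoted path). Three pairs have a 26636-byte stub in
# place of the original, ezSP_Px.exe is an unchanged pair, and the F: copy of
# iTunesHelper.exe has no bak folder and is ignored.
SAMPLE_REPORT = r'''
26636 Oct 21 2007 "C:\Program Files\DIGStream\digstream.exe"
282624 May 18 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
26636 Oct 21 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
278528 Oct 18 2005 "F:\iTunes\iTunesHelper.exe"
40960 Aug 20 2002 "C:\WINDOWS\SYSTEM32\ezSP_Px.exe"
40960 Aug 20 2002 "C:\WINDOWS\SYSTEM32\bak\ezSP_Px.exe"
26636 Oct 21 2007 "C:\WINDOWS\SYSTEM32\regscan.exe"
358912 Sep 3 2002 "C:\WINDOWS\SYSTEM32\bak\regscan.exe"
'''

# One report line: <size> <Mon D YYYY> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_report(text):
    """Map each quoted path (lower-cased key, Windows paths are case-insensitive)
    to (original path, size in bytes, modification date)."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, separators
        size, mtime, path = int(m.group(1)), m.group(2), m.group(3)
        entries[path.lower()] = (path, size, datetime.strptime(mtime, "%b %d %Y").date())
    return entries


def find_replaced(text):
    """Return the bak/parent pairs whose parent file no longer matches its backup.

    AWF moves the legitimate executable into a 'bak' subfolder and drops its own
    file under the original name; the size mismatch between the two is what
    FindAWF's duplicate listing makes visible.
    """
    entries = parse_report(text)
    replaced = []
    for bak_path, bak_size, _ in entries.values():
        parts = bak_path.split('\\')
        if len(parts) < 3 or parts[-2].lower() != 'bak':
            continue  # not a file inside a bak folder
        parent_key = '\\'.join(parts[:-2] + parts[-1:]).lower()
        if parent_key not in entries:
            continue  # original slot is empty: nothing to compare against
        parent_path, parent_size, parent_date = entries[parent_key]
        if parent_size != bak_size:
            replaced.append({
                "parent": parent_path, "parent_size": parent_size,
                "parent_date": parent_date, "bak": bak_path, "bak_size": bak_size,
            })
    return replaced


def restore_list(replaced):
    """Quoted bak paths in the form FindAWF's option 2 expects in files.txt."""
    return ['"%s"' % r["bak"] for r in replaced]


def estimate_infection_date(replaced):
    """Most common modification date among the substituted files, as ISO text."""
    if not replaced:
        return None
    (day, _), = Counter(r["parent_date"] for r in replaced).most_common(1)
    return day.isoformat()


def days_infected(replaced, scan_date):
    """Days between the estimated infection date and the report's scan date (MM/DD/YYYY)."""
    infected = datetime.strptime(estimate_infection_date(replaced), "%Y-%m-%d").date()
    scanned = datetime.strptime(scan_date, "%m/%d/%Y").date()
    return (scanned - infected).days


if __name__ == "__main__":
    hits = find_replaced(SAMPLE_REPORT)
    for h in hits:
        print("%-55s %8d bytes (backup %8d)" % (h["parent"], h["parent_size"], h["bak_size"]))
    print("\n".join(restore_list(hits)))
    print("estimated infection date:", estimate_infection_date(hits),
          "(%d days before the 12/25/2007 scan)" % days_infected(hits, "12/25/2007"))
```

Run against the full listing from post #5 the same rule reproduces the Oct 21 2007 date SifuMike's "about two months" remark rests on; checking the restore list by size rather than by eye also catches a backup that has itself been overwritten, which is why the script keeps both sizes in its output.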

#7 Vile (Topic Starter)

Posted 25 December 2007 - 01:52 AM

Log:



Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Tue 12/25/2007
The current time is: 0:25:45.92


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DIGSTR~1\BAK

05/18/2005 01:49 PM 282,624 digstream.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/18/2005 11:58 AM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

08/19/2003 04:43 AM 57,344 lxbkbmgr.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

06/03/2004 02:50 AM 204,800 point32.exe
1 File(s) 204,800 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/06/2005 03:55 PM 77,824 qttask.exe
1 File(s) 77,824 bytes

Directory of C:\PROGRA~1\WI4DF6~1\BAK

10/06/2005 06:12 PM 368,128 WMCCFG.exe
1 File(s) 368,128 bytes

Directory of C:\WINDOWS\KDX\BAK

01/20/2004 10:45 AM 1,757,184 KHost.exe
1 File(s) 1,757,184 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/14/2002 05:22 PM 28,672 DSentry.exe
08/20/2002 09:29 AM 40,960 ezSP_Px.exe
09/03/2002 10:39 AM 358,912 regscan.exe
3 File(s) 428,544 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK

12/21/2004 02:26 PM 32,768 cli.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

07/19/2003 08:10 PM 335,872 atiptaxx.exe
1 File(s) 335,872 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

03/23/2006 03:43 PM 53,408 ccApp.exe
1 File(s) 53,408 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

07/26/2007 06:51 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\THEWEA~1\DESKTO~1\BAK

04/19/2006 08:30 AM 728,176 DesktopWeather.exe
1 File(s) 728,176 bytes

Directory of C:\PROGRA~1\VALVE\STEAM\BAK

10/21/2007 12:29 PM 1,271,032 Steam.exe
1 File(s) 1,271,032 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

12/26/2003 03:57 PM 1,531,904 ypager.exe
1 File(s) 1,531,904 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/03/2004 11:31 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\WINDOWS\IME\IMKR6_1\BAK

08/29/2002 04:00 AM 44,032 IMEKRMIG.EXE
1 File(s) 44,032 bytes

Directory of C:\PROGRA~1\COMMON~1\DELL\EUSW\BAK

06/24/2003 09:46 AM 245,760 Support.exe
1 File(s) 245,760 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

12/27/2004 04:24 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\CREATIVE\SBLIVE\DIAGNO~1\BAK

04/03/2002 12:01 AM 135,264 diagent.exe
1 File(s) 135,264 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~3.0_0\BIN\BAK

07/26/2006 02:03 AM 49,263 jusched.exe
1 File(s) 49,263 bytes


12/17/2002 11:28 AM 684,032 DirectCD.exe
1 File(s) 684,032 bytes

Directory of C:\PROGRA~1\SBCYAH~1\CONNEC~1\IPINSI~1\BAK

08/19/2002 10:12 AM 98,304 IPMon32.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\MSNAPP~1\UPDATER\010230~1.100\EN-US\BAK

08/13/2004 04:41 PM 86,016 msnappau.exe
1 File(s) 86,016 bytes

Directory of C:\DOCUME~1\USER~1\LOCALS~1\TEMP\SBCCMAN\SPRT\VAULT\NE\NETWOR~1.BAK

07/19/2002 12:12 AM 1,061 2196_556c29a5c_
1 File(s) 1,061 bytes

Directory of C:\DOCUME~1\USER~1\LOCALS~1\TEMP\SBCCMAN\SPRT\VAULT\WI\WIRING~1.BAK

07/19/2002 12:12 AM 125 40_5357ad65e_
07/19/2002 12:12 AM 128 41_5bc212c48_
2 File(s) 253 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

282624 May 18 2005 "C:\Program Files\DIGStream\digstream.exe"
282624 May 18 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
278528 Oct 18 2005 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
278528 Oct 18 2005 "C:\Documents and Settings\UserName\My Documents\iTunes\iTunesHelper.exe"
278528 Oct 18 2005 "F:\iTunes\iTunesHelper.exe"
57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe"
204800 Jun 3 2004 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
204800 Jun 3 2004 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
77824 Dec 6 2005 "C:\Program Files\QuickTime\qttask.exe"
77824 Dec 6 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
368128 Oct 6 2005 "C:\Program Files\Windows Media Connect 2\WMCCFG.exe"
368128 Oct 6 2005 "C:\Program Files\Windows Media Connect 2\bak\WMCCFG.exe"
1757184 Jan 20 2004 "C:\WINDOWS\kdx\KHost.exe"
1757184 Jan 20 2004 "C:\WINDOWS\kdx\bak\KHost.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
40960 Aug 20 2002 "C:\WINDOWS\SYSTEM32\ezSP_Px.exe"
40960 Aug 20 2002 "C:\WINDOWS\SYSTEM32\bak\ezSP_Px.exe"
358912 Sep 3 2002 "C:\WINDOWS\SYSTEM32\regscan.exe"
358912 Sep 3 2002 "C:\WINDOWS\SYSTEM32\bak\regscan.exe"
32768 Dec 21 2004 "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
32768 Dec 21 2004 "C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
335872 Jul 19 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
335872 Jul 19 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
53408 Mar 23 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
53408 Mar 23 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
52896 Jan 11 2006 "C:\Documents and Settings\UserName\Local Settings\Temp\NAV 12.2.0.13\Support\ccCommon\ccCommon\ccApp.exe"
52272 Feb 2 2007 "C:\Program Files\Google\googletoolbar4user.exe"
434241 Jun 25 2005 "C:\Program Files\Google\Google Earth Plus\GoogleEarth.exe"
68856 Jul 26 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
10562512 Jun 29 2005 "C:\Documents and Settings\UserName\My Documents\HTML\GoogleEarth.exe"
138168 Feb 2 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 26 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
728176 Apr 19 2006 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
728176 Apr 19 2006 "C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe"
1271032 Oct 21 2007 "C:\Program Files\Valve\Steam\Steam.exe"
1271032 Oct 21 2007 "C:\Program Files\Valve\Steam\bak\Steam.exe"
1249280 Aug 12 2005 "F:\New Folder\Valve\Steam\Steam.exe"
1531904 Dec 26 2003 "C:\Program Files\Yahoo!\Messenger\ypager.exe"
1531904 Dec 26 2003 "C:\Program Files\Yahoo!\Messenger\bak\ypager.exe"
208952 Aug 3 2004 "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE"
208952 Aug 3 2004 "C:\WINDOWS\IME\IMJP8_1\bak\IMJPMIG.EXE"
44032 Aug 29 2002 "C:\WINDOWS\IME\IMKR6_1\IMEKRMIG.EXE"
44032 Aug 29 2002 "C:\WINDOWS\IME\IMKR6_1\bak\IMEKRMIG.EXE"
245760 Jun 24 2003 "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
77824 May 27 2004 "C:\Program Files\Dell\Support\bin\Support.exe"
245760 Jun 24 2003 "C:\Program Files\Common Files\Dell\EUSW\bak\Support.exe"
323584 May 27 2004 "C:\Documents and Settings\All Users\Application Data\Dell\Alert\492\Support.exe"
180269 Dec 27 2004 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Dec 27 2004 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe"
135264 Apr 3 2002 "C:\Program Files\Creative\SBLive\Diagnostics\bak\diagent.exe"
32881 Sep 28 2004 "C:\Facade\util\j2re1.4.2_06\bin\jusched.exe"
36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
684032 Dec 17 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe"
98304 Aug 19 2002 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\IPMon32.exe"
98304 Aug 19 2002 "C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe"
86016 Aug 13 2004 "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
86016 Aug 13 2004 "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\bak\msnappau.exe"
1061 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\ne\networkinterfacecardtestfailure.htm.bak\2196_556c29a5c_"
125 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm.bak\40_5357ad65e_"
124 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm\41_5bc212c48_"
128 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm.bak\41_5bc212c48_"


end of report

#8 SifuMike (malware expert)

Posted 25 December 2007 - 12:58 PM

Hi Vile,

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer <==== Important :blink:




Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\DIGStream\bak
C:\Program Files\iTunes\bak
C:\Program Files\Lexmark X1100 Series\bak
C:\Program Files\Microsoft IntelliPoint\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Media Connect 2\bak
C:\WINDOWS\kdx\bak
C:\WINDOWS\SYSTEM32\bak
C:\Program Files\ATI Technologies\ATI.ACE\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\The Weather Channel FW\Desktop Weather\bak
C:\Program Files\Valve\Steam\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\WINDOWS\IME\IMJP8_1\bak
C:\WINDOWS\IME\IMKR6_1\bak
C:\Program Files\Common Files\Dell\EUSW\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Creative\SBLive\Diagnostics\bak
C:\Program Files\Java\jre1.5.0_08\bin\bak
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak
C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply. Please do not attach the log, as that makes it hard to read.

Merry Christmas! :thumbsup:

Edited by SifuMike, 25 December 2007 - 12:59 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
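An added helper, not from the thread and not part of FindAWF, that does mechanically what SifuMike did by hand in the post above: it reads the "Duplicate files of bak directory contents" section of a FindAWF report and emits the folders.txt lines for every bak folder whose files all have a same-size, same-date twin one level up, while keeping any bak folder with a non-matching file out of the removal list so it can be checked first. The report excerpt is constructed from lines in this thread plus one made-up pair under C:\Example, and the matching rule is an assumption drawn from how the list in #8 was chosen.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of FindAWF's "Duplicate files of bak
# directory contents" section: a few pairs from the thread plus one made-up
# mismatched pair (C:\Example) to exercise the non-matching case.
SAMPLE_REPORT = r'''
282624 May 18 2005 "C:\Program Files\DIGStream\digstream.exe"
282624 May 18 2005 "C:\Program Files\DIGStream\bak\digstream.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
358912 Sep 3 2002 "C:\WINDOWS\SYSTEM32\regscan.exe"
358912 Sep 3 2002 "C:\WINDOWS\SYSTEM32\bak\regscan.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"
125 Jul 19 2002 "C:\Documents and Settings\UserName\Local Settings\Temp\SBCCMAN\SPRT\vault\wi\wiring.htm.bak\40_5357ad65e_"
88888 Jan 1 2007 "C:\Example\tool.exe"
99999 Jan 1 2007 "C:\Example\bak\tool.exe"
'''

# One report line: <size> <Mon> <day> <year> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"$')


def parse_report(text):
    """Map each quoted path to its (size, date) as printed by FindAWF."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size, date, path = m.groups()
            entries[path] = (int(size), date)
    return entries


def classify_bak_folders(entries):
    """Split bak folders into 'ready' (every file has a same-size, same-date
    twin one level up) and 'mismatched' (at least one file does not).

    Only a directory component named exactly 'bak' counts; names such as
    'wiring.htm.bak' are support-vault folders, not AWF leftovers, and are
    skipped just as they were in the thread's folders.txt list."""
    by_lower = {p.lower(): v for p, v in entries.items()}
    folders = defaultdict(list)          # bak folder -> [(file, twin_matches)]
    for path, (size, date) in entries.items():
        parts = path.split('\\')
        dirs, name = parts[:-1], parts[-1]
        if not dirs or dirs[-1].lower() != 'bak':
            continue
        bak_dir = '\\'.join(dirs)
        twin = '\\'.join(dirs[:-1] + [name])   # same file name, one level up
        folders[bak_dir].append((name, by_lower.get(twin.lower()) == (size, date)))
    ready = sorted(d for d, f in folders.items() if all(ok for _, ok in f))
    mismatched = sorted(d for d, f in folders.items() if not all(ok for _, ok in f))
    return ready, mismatched


def folders_txt(text):
    """Lines to paste into FindAWF's folders.txt (option 3), one per folder."""
    ready, _ = classify_bak_folders(parse_report(text))
    return '\n'.join(ready)


if __name__ == '__main__':
    ready, mismatched = classify_bak_folders(parse_report(SAMPLE_REPORT))
    print('bak folders safe to list for removal:')
    print('\n'.join(ready))
    print('\nbak folders needing a look first (no matching twin):')
    print('\n'.join(mismatched))
```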

#9 Vile (Topic Starter)

Posted 25 December 2007 - 02:02 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Tue 12/25/2007
The current time is: 12:46:50.57


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/14/2002 05:22 PM 28,672 DSentry.exe
1 File(s) 28,672 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"


end of report

#10 SifuMike (malware expert)

Posted 25 December 2007 - 02:17 PM

Hi Vile,

Still have one file to get rid of. :thumbsup:

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\WINDOWS\SYSTEM32\bak

Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply. Please do not attach the log, as that makes it hard to read.

#11 Vile (Topic Starter)

Posted 25 December 2007 - 02:50 PM

Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Tue 12/25/2007
The current time is: 13:38:18.31


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/14/2002 05:22 PM 28,672 DSentry.exe
1 File(s) 28,672 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"


end of report



Merry Christmas to you too, Mike.

#12 SifuMike (malware expert)

Posted 25 December 2007 - 02:53 PM

Hi Vile,

We will have to remove the file manually. :blink:

Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'.


C:\WINDOWS\SYSTEM32\bak <== folder. Be very careful to only remove the bak folder.

Run FindAWF with option 1 and post the log. Hopefully the bak folder will be gone. :thumbsup:

#13 Vile (Topic Starter)

Posted 25 December 2007 - 03:08 PM

Find AWF report by noahdfear 2006
Version 1.40

The current date is: Tue 12/25/2007
The current time is: 14:03:28.64


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#14 SifuMike (malware expert)

Posted 25 December 2007 - 03:25 PM

Hi Vile,

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Looks like the AWF infection is gone, but you are still infected with other malware.



Let's run ComboFix.

Are you running an antivirus program? If so, please disable it, as ComboFix will not run properly if you have it enabled.
If you don't have an antivirus, then see the last paragraph below.


I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer during HijackThis Cleanup
When everything is done and your log is clean again, you can enable it again.

Then, Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.



You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


If you have used Combofix before, please delete the version you have and redownload it, because Combofix is being updated every day.

Disconnect from the Internet while running ComboFix.

Temporarily disable any anti-virus and anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



1. Download this file - combofix.exe to your Desktop.
Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Do NOT run ComboFix more than once.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Do not run Combofix more than once.
In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



If you don't have an antivirus program then download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Edited by SifuMike, 25 December 2007 - 03:34 PM.


#15 Vile (Topic Starter)

Posted 25 December 2007 - 04:45 PM

I did run the scan, but I unfortunately didn't see your snippet about Teatimer. Here are the results:

ComboFix 07-12-21.4 - UserName 2007-12-25 14:36:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1230 [GMT -6:00]
Running from: C:\Documents and Settings\UserName\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\UserName\Application Data\MCROSO~1
C:\Documents and Settings\UserName\Application Data\MCROSO~1\ping.exe
C:\Documents and Settings\UserName\Application Data\SSTEM~1
C:\Documents and Settings\UserName\Application Data\SSTEM~1\nopdb.exe
C:\Documents and Settings\UserName\Application Data\SSTEM~1\s?stem\
C:\Documents and Settings\UserName\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\UserName\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\UserName\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\UserName\Start Menu\Programs\Outerinfo
C:\Documents and Settings\UserName\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\UserName\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Messenger\profsy.html
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1193953507.old
C:\Program Files\WinBudget\bin\crap.1194734167.old
C:\Program Files\WinBudget\bin\crap.1195952375.old
C:\Program Files\WinBudget\bin\crap.1197771435.old
C:\Program Files\WinBudget\bin\crap.1198384962.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\Program Files\WinBudget\bin\matrix.dll.1194734165.old
C:\Program Files\WinBudget\bin\matrix.dll.1195952374.old
C:\Program Files\WinBudget\bin\matrix.dll.1197771434.old
C:\Program Files\WinBudget\bin\matrix.dll.1198384961.old
C:\WINDOWS\b111.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\SYSTEM32\cixtvmph.ini
C:\WINDOWS\system32\ddvvmhir.dll
C:\WINDOWS\SYSTEM32\hhhkj.ini
C:\WINDOWS\SYSTEM32\hhhkj.ini2
C:\WINDOWS\system32\hpmvtxic.dll
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jknfbfkv.dll
C:\WINDOWS\system32\lhwbwvvt.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\ugtsklqv.dll
C:\WINDOWS\system32\wtssvtr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-24 22:17 . 2002-08-29 04:00 1,688 --a------ C:\WINDOWS\SYSTEM32\AUTOEXEC.NT
2007-12-24 21:06 . 2007-12-24 21:06 <DIR> d-------- C:\Documents and Settings\UserName\Application Data\Yahoo!
2007-12-23 14:36 . 2007-12-23 14:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 14:13 . 2007-12-25 15:16 606,240 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2007-12-23 14:13 . 2007-12-25 15:13 9,176 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2007-12-23 14:11 . 2007-12-23 14:11 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2007-12-23 14:08 . 2007-12-23 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 14:08 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-12-23 14:08 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2007-12-23 14:08 . 2007-12-23 14:11 4,212 --ah----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-12-23 14:06 . 2007-12-25 15:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-22 20:12 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RkPavProc.sys
2007-12-22 19:57 . 2007-12-22 20:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-22 19:57 . 2007-12-22 19:57 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-22 19:57 . 2007-12-22 19:57 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-22 19:57 . 2007-12-22 19:57 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-22 13:31 . 2007-12-22 13:31 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-22 13:31 . 2007-12-22 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-22 13:29 . 2007-12-22 13:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-22 13:23 . 2007-12-22 13:23 4,286 --a------ C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico
2007-12-21 18:11 . 2007-12-22 18:15 990,810 --ahs---- C:\WINDOWS\SYSTEM32\dikpdqcn.ini
2007-12-16 22:50 . 2007-12-16 22:50 <DIR> d-------- C:\Program Files\Router
2007-12-16 22:42 . 2007-12-16 22:42 4,286 --a------ C:\WINDOWS\SYSTEM32\MobileSidewalk.ico
2007-12-16 22:35 . 2007-12-21 18:10 991,602 --ahs---- C:\WINDOWS\SYSTEM32\jglarkkl.ini
2007-12-16 03:12 . 2007-12-16 03:12 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2007-12-15 21:12 . 2007-12-15 21:12 15 --a------ C:\WINDOWS\AED7-8F85-C34E-8F4F.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 18:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-25 18:46 --------- d-----w C:\Program Files\QuickTime
2007-12-25 18:46 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-25 18:46 --------- d-----w C:\Program Files\Lexmark X1100 Series
2007-12-25 18:46 --------- d-----w C:\Program Files\iTunes
2007-12-25 18:46 --------- d-----w C:\Program Files\DIGStream
2007-12-25 18:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-25 08:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-23 04:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 02:25 --------- d-----w C:\Program Files\Symantec
2007-12-23 02:25 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-23 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-23 02:19 --------- d-----w C:\Documents and Settings\UserName\Application Data\Symantec
2007-11-15 01:05 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:27 87,952 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{961CA8C0-DAE4-4422-9905-0B9A578E53FD}]
C:\Program Files\Online Services\hokenowa24418.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C288FC10-32AE-470D-D828-3BE676810EC2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e83165f6-f126-4ccc-b873-c1ce5e84417a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-23 14:11 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4D64CCE-AE49-4766-8FB1-C40222796656}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-23 14:11 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 08:30]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2007-10-21 12:29]
"SpyDefender Shield"="C:\Program Files\SpyDefender Pro\SpyDefender.exe" []
"Kgerrseh"="C:\Documents and Settings\UserName\Application Data\M?crosoft\ping.exe" []
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" []
"Router"="C:\Program Files\Router\Router.exe" [2007-12-16 22:50]
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 09:46]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 09:29]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-21 14:26]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" [2004-08-13 16:41]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 04:43]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2004-01-20 10:45]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2002-08-19 10:12]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 04:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 17:22]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 13:49]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 20:10]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-27 16:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 02:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-06 15:55]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2005-10-06 18:12]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 00:01]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-12-21 14:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2004-12-21 14:26:10]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-07-20 12:27:32]
Microsoft Office.lnk - F:\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56]
MTV Networks Video Optimizer.lnk - C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe [2005-04-01 11:19:34]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-31 13:36:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnnkl]
qomnnkl.dll

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 15:17:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-25 15:25:09 - machine was rebooted
.
2007-12-25 08:34:27 --- E O F ---


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:57 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
F:\New Folder\Alcohol 120 -\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Router\Router.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MTV Networks\VOpt\MTVOptQueue.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/Login?partne...llsbc.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_7_0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {961CA8C0-DAE4-4422-9905-0B9A578E53FD} - C:\Program Files\Online Services\hokenowa24418.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C288FC10-32AE-470D-D828-3BE676810EC2} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\SpyDefender Pro\SpyDefender.exe" --scan2
O4 - HKCU\..\Run: [Kgerrseh] "C:\Documents and Settings\UserName\Application Data\M?crosoft\ping.exe"
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MTV Networks Video Optimizer.lnk = C:\Program Files\MTV Networks\VOpt\MTVOptTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?ff93afadc6f7420a954ec6717d059d88
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?ff93afadc6f7420a954ec6717d059d88
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://streak.fimc.net:8000/Java/cfs31229.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/2329c596b8a53e...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120946552093
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123968898653
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://hollagram.bet.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ise/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.21.1/ttinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {F76DF680-EC17-4272-B1C7-CDB2641FA20B} (KB836528 Object) - http://microsoft.com/security/controls/DoomChk.CAB
O16 - DPF: {FCEAE646-DCF9-4D59-B994-6BD30A315139} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: qomnnkl - qomnnkl.dll (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\New Folder\Alcohol 120 -\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 15206 bytes
