Need Help


  • This topic is locked
18 replies to this topic

#1 computergenzius11

computergenzius11

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:37 PM

Posted 28 December 2007 - 11:51 PM

Hi, my name is Kia and I need help trying to find any spyware or viruses on my computer, so here is a HijackThis log of my computer. Let me know if you find anything or think that anything is wrong. Thank you!!! :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:18 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kia Petty\My Documents\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\ietorrntplug.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MECA] C:\Program Files\Meca\MECA.EXE
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179112007515
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Edited by computergenzius11, 29 December 2007 - 11:19 PM.


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 29 December 2007 - 07:25 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, computergenzius11.
My name is Richie and I'll be helping you to fix your problems.

You have Avast4 and AVG7 installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them now, then restart your PC.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE).
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/PC inoperable.

Now download ComboFix and save to your desktop:
Note
It is important that it is saved directly to your desktop.

Close any open browsers.
Double-click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new HijackThis log please.

#3 TonyKlein

TonyKlein

  • Malware Response Team
  • 437 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:37 AM

Posted 29 December 2007 - 07:42 AM

Also, and my apologies for gatecrashing this thread, there's a file we'd like to have a closer look at:

C:\WINDOWS\ietorrntplug.dll

It looks to be a new parasite, so we'd like to receive a sample for analysis!

Please go to This Site and upload that C:\WINDOWS\ietorrntplug.dll file for the contents to be analyzed.

After that I'll be happy to leave you in RichieUK's most capable hands.

Much appreciated! :thumbsup:
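
Tony's pick of that O2 line stands out for a reason you can turn into a triage rule: a browser helper object loaded from C:\WINDOWS itself rather than from a vendor directory under Program Files. The Python below is an added example, not a BleepingComputer tool or anything the posters ran; it parses O2/O3/O4 entries copied from the first log above, and the "review" heuristics (plug-in DLL outside Program Files, Run value with a bare file name that Windows resolves through a PATH search) are assumptions chosen here, not HijackThis's own logic. A "review" verdict means a helper should ask about the entry, not that it is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries taken from the first HijackThis log in this thread (raw string, so
# the backslashes are exactly as HijackThis prints them).
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\ietorrntplug.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"""

# O2 (BHO) and O3 (toolbar): "<section> - <kind>: <name> - {CLSID} - <dll path>"
_RE_PLUGIN = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - \{([0-9A-Fa-f-]+)\} - (.+)$")
# O4 Run keys: "O4 - HKLM\..\Run: [<value name>] <command line>"
_RE_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# First executable-looking token of a command line, surrounding quotes stripped.
_RE_IMAGE = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|cpl|dll))(?:"|\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # O2, O3 or O4
    name: str      # BHO/toolbar display name or Run value name
    image: str     # DLL or executable path as logged
    verdict: str   # "ok" or "review"
    reason: str


def _normalise(path: str) -> str:
    p = path.strip().lower().replace("/", "\\")
    # HijackThis prints 8.3 short names (C:\PROGRA~1\...); expand the common
    # one so the Program Files check below does not miss it.
    return p.replace("\\progra~1\\", "\\program files\\")


def _under_program_files(path: str) -> bool:
    return "\\program files\\" in _normalise(path)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis entry; returns None for sections not handled."""
    m = _RE_PLUGIN.match(line)
    if m:
        section, name, _clsid, dll = m.groups()
        if not _under_program_files(dll):
            # Heuristic (assumption of this example): legitimate toolbars and
            # BHOs install under a vendor directory, not the Windows root.
            return Finding(section, name, dll, "review",
                           "browser plug-in loaded from outside Program Files")
        if name == "(no name)":
            return Finding(section, name, dll, "ok",
                           "unnamed but installed under a vendor directory")
        return Finding(section, name, dll, "ok", "vendor directory")
    m = _RE_RUN.match(line)
    if m:
        hive, value, cmd = m.groups()
        img = _RE_IMAGE.match(cmd)
        image = img.group(1) if img else cmd
        if "\\" not in image and "/" not in image:
            # A bare file name is located by a PATH search at logon, so the
            # log alone cannot tell where it really lives.
            return Finding("O4", value, image, "review",
                           f"{hive} Run value has no directory; resolved via PATH search")
        return Finding("O4", value, image, "ok", "full path given")
    return None


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in log.splitlines()) if f]


def needs_review(log: str) -> List[str]:
    """Images of the entries a helper would ask about first, in log order."""
    return [f.image for f in triage(log) if f.verdict == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.verdict:6} {f.image}  ({f.reason})")
```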

#4 computergenzius11

computergenzius11
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:37 PM

Posted 29 December 2007 - 11:15 PM

Thanks, you're not interrupting anything. Thanks for the information, I submitted the file.

#5 computergenzius11

computergenzius11
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:37 PM

Posted 29 December 2007 - 11:18 PM

Thanks RichieUK, it really helped.

#6 TonyKlein

TonyKlein

  • Malware Response Team
  • 437 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:37 AM

Posted 30 December 2007 - 03:35 AM

Thanks, you're not interrupting anything. Thanks for the information, I submitted the file.


Thank you for your cooperation! It is malware indeed: a new "WebDir" adware variant.

Richie will help you get rid of it.

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 30 December 2007 - 07:08 AM

Many thanks Tony, and thank you computergenzius11 :blink:

computergenzius11, please now follow my instructions above and we'll make a start :thumbsup:

Edited by RichieUK, 30 December 2007 - 07:09 AM.


#8 computergenzius11

computergenzius11
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:37 PM

Posted 31 December 2007 - 01:55 AM

Hey, I think it's off. I updated my log and downloaded the pack from google.com, and it came with Norton Security Scan and Spyware Doctor, and when I ran both of them they both found something: a downloader (a high risk) and some cookies (Norton), and Spyware Doctor found a website that was bad (a high risk) and some cookies. So look at the log; I think it's good now. :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:46 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kia Petty\My Documents\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Vling] C:\Program Files\EarthLink\Vling\Vling.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179112007515
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Edited by computergenzius11, 31 December 2007 - 01:59 AM.


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 31 December 2007 - 08:53 AM

Please follow the Combofix instructions.

#10 computergenzius11

computergenzius11
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:37 PM

Posted 31 December 2007 - 05:02 PM

OK, I did it and these are the results.

ComboFix 07-12-31.4 - Kia Petty 2007-12-31 15:33:54.1 - NTFSx86
Running from: C:\Documents and Settings\Kia Petty\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-31 15:30 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-12-31 02:20 . 2007-12-31 02:20 <DIR> d----c--- C:\Documents and Settings\Kia Petty\Application Data\Talkback
2007-12-31 01:50 . 2007-12-31 01:50 1,158 --a--c--- C:\WINDOWS\mozver.dat
2007-12-31 00:35 . 2007-12-31 00:35 <DIR> d----c--- C:\Documents and Settings\Mel Edwards\Application Data\Talkback
2007-12-30 20:24 . 2007-12-31 03:22 <DIR> d----c--- C:\Program Files\Spyware Doctor
2007-12-30 20:24 . 2007-12-30 20:24 <DIR> d----c--- C:\Documents and Settings\Mel Edwards\Application Data\PC Tools
2007-12-30 20:16 . 2007-12-30 20:54 <DIR> d----c--- C:\Program Files\Common Files\Symantec Shared
2007-12-30 20:14 . 2007-12-30 20:15 <DIR> d----c--- C:\Program Files\Picasa2
2007-12-30 20:10 . 2007-12-30 20:54 <DIR> d----c--- C:\Program Files\Norton Security Scan
2007-12-30 20:10 . 2007-12-30 20:10 <DIR> d----c--- C:\Program Files\Common Files\SYMANT~1
2007-12-30 20:08 . 2007-12-31 13:00 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 19:38 . 2007-12-31 12:47 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2007-12-30 19:38 . 2007-12-30 19:38 1,409 --a--c--- C:\WINDOWS\QTFont.for
2007-12-30 19:29 . 2007-12-30 19:29 <DIR> d----c--- C:\WINDOWS\system32\windows media
2007-12-30 03:08 . 2007-12-30 19:29 <DIR> d----c--- C:\Program Files\DivX
2007-12-30 00:41 . 2007-12-30 00:41 <DIR> d----c--- C:\Program Files\Windows Media Components
2007-12-29 23:29 . 2004-10-12 14:40 2,255,360 --a--c--- C:\WINDOWS\system32\libavcodec.dll
2007-12-29 23:29 . 2004-10-12 14:46 1,761,280 --a--c--- C:\WINDOWS\system32\ffdshow.ax
2007-12-29 23:29 . 2004-10-05 16:16 395,776 --a--c--- C:\WINDOWS\system32\libmplayer.dll
2007-12-29 23:29 . 2003-03-30 20:08 372,736 --a--c--- C:\WINDOWS\system32\xvid.ax
2007-12-29 23:29 . 2004-10-12 14:42 262,144 --a--c--- C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-12-29 23:29 . 2004-10-04 01:50 112,640 --a--c--- C:\WINDOWS\system32\libmpeg2_ff.dll
2007-12-29 23:29 . 2004-09-10 13:50 34,820 --a--c--- C:\WINDOWS\system32\ffdshow.reg
2007-12-29 22:03 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl
2007-12-29 22:01 . 2007-12-30 19:28 <DIR> d----c--- C:\Program Files\Common Files\Java
2007-12-29 19:23 . 2007-08-01 22:47 102,664 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-28 22:55 . 2007-12-29 01:21 <DIR> d----c--- C:\Documents and Settings\Kia Petty\.housecall6.6
2007-12-27 22:08 . 2007-12-27 22:11 <DIR> d----c--- C:\Program Files\QuickTime
2007-12-27 21:26 . 2007-12-27 21:38 <DIR> d----c--- C:\5234f9ebbd33c740dcdf0d
2007-12-26 16:02 . 2007-05-14 15:24 394,240 --a--c--- C:\WINDOWS\system32\Smab.dll
2007-12-26 16:01 . 2004-02-22 10:11 719,872 --a--c--- C:\WINDOWS\system32\devil.dll
2007-12-26 16:01 . 2006-10-07 17:43 502,784 --a--c--- C:\WINDOWS\x2.64.exe
2007-12-26 16:01 . 2007-05-17 17:30 318,976 --a--c--- C:\WINDOWS\system32\avisynth.dll
2007-12-26 16:01 . 2005-02-28 13:16 240,128 --a--c--- C:\WINDOWS\system32\x.264.exe
2007-12-26 16:01 . 2006-04-12 09:47 217,073 --a--c--- C:\WINDOWS\meta4.exe
2007-12-26 16:01 . 2004-01-25 00:00 70,656 --a--c--- C:\WINDOWS\system32\yv12vfw.dll
2007-12-26 16:01 . 2004-01-25 00:00 70,656 --a--c--- C:\WINDOWS\system32\i420vfw.dll
2007-12-26 16:01 . 2006-04-05 08:09 66,560 --a--c--- C:\WINDOWS\MOTA113.exe
2007-12-26 16:01 . 2005-07-14 12:31 27,648 --a--c--- C:\WINDOWS\system32\AVSredirect.dll
2007-12-26 15:56 . 2005-02-12 17:00 186,880 -r-hsc--- C:\WINDOWS\system32\RLOgg.ax
2007-12-26 15:56 . 2005-01-17 17:26 179,200 -r-hsc--- C:\WINDOWS\system32\DiracSplitter.ax
2007-12-26 15:56 . 2006-08-16 08:53 175,104 -r-hsc--- C:\WINDOWS\system32\CoreAAC.ax
2007-12-26 15:56 . 2005-02-05 17:00 92,672 -r-hsc--- C:\WINDOWS\system32\RLVorbisDec.ax
2007-12-26 15:56 . 2005-02-22 10:55 81,920 -r-hsc--- C:\WINDOWS\system32\aac_parser.ax
2007-12-26 15:56 . 2005-02-12 17:00 67,584 -r-hsc--- C:\WINDOWS\system32\RLTheoraDec.ax
2007-12-26 15:56 . 2005-02-12 17:00 51,712 -r-hsc--- C:\WINDOWS\system32\RLSpeexDec.ax
2007-12-26 01:34 . 2007-12-26 18:47 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 01:30 . 2007-12-26 01:30 <DIR> d----c--- C:\Program Files\Sony
2007-12-26 01:27 . 2007-12-26 01:30 <DIR> d----c--- C:\Program Files\Common Files\Sony Shared
2007-12-25 21:13 . 2007-12-26 13:31 <DIR> d----c--- C:\Documents and Settings\Kia Petty\Application Data\DivX
2007-12-25 18:51 . 2007-12-25 19:50 <DIR> d----c--- C:\Documents and Settings\Kia Petty\Application Data\Disney Mix It Plug-in
2007-12-25 16:38 . 2007-12-25 16:51 <DIR> d----c--- C:\Program Files\iDump
2007-12-25 15:17 . 2007-12-25 15:17 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 15:17 . 2007-12-25 15:17 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-25 15:14 . 2007-12-25 15:23 <DIR> d----c--- C:\Program Files\Zune
2007-12-25 13:46 . 2007-12-25 13:56 <DIR> d----c--- C:\9a3496619bce3abcfa7fee
2007-12-25 11:28 . 2007-12-25 11:28 <DIR> d----c--- C:\Documents and Settings\Mel Edwards\Application Data\SiteAdvisor
2007-12-25 11:27 . 2007-12-25 11:27 <DIR> d----c--- C:\Documents and Settings\Mel Edwards\Application Data\Sunbelt Software
2007-12-25 02:00 . 2007-12-25 02:00 0 --a--c--- C:\WINDOWS\system32\SBRC.dat
2007-12-25 02:00 . 2007-12-25 02:00 0 --a--c--- C:\WINDOWS\system32\SBFC.dat
2007-12-25 00:38 . 2007-12-25 00:38 <DIR> d----c--- C:\Documents and Settings\Kadeesha Petty\Application Data\Sunbelt Software
2007-12-24 18:04 . 2007-12-24 18:04 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\HipSoft
2007-12-23 21:32 . 2007-12-23 21:32 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MostFun
2007-12-23 21:30 . 2007-12-23 21:30 <DIR> d----c--- C:\Program Files\MostFun
2007-12-23 14:18 . 2007-12-23 14:25 <DIR> d----c--- C:\Documents and Settings\Kia Petty\Application Data\FrostWire
2007-12-23 13:59 . 2007-12-23 14:09 <DIR> d----c--- C:\Documents and Settings\Kia Petty\Application Data\iMP3Tunes
2007-12-23 02:21 . 2007-12-24 01:28 <DIR> d----c--- C:\Program Files\MSN Games
2007-12-21 11:28 . 2007-12-21 11:28 <DIR> d----c--- C:\Documents and Settings\Antwan\Application Data\Sunbelt Software
2007-12-20 17:35 . 2007-12-20 17:36 <DIR> d----c--- C:\Program Files\iTunes
2007-12-20 14:42 . 2007-12-20 14:47 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-12-20 13:02 . 2007-12-20 13:02 <DIR> d----c--- C:\Documents and Settings\Kia Petty\Application Data\Sunbelt Software
2007-12-20 11:52 . 2007-12-20 12:38 <DIR> d----c--- C:\Program Files\CA Yahoo! Anti-Spy
2007-12-20 09:56 . 2007-12-04 08:04 837,496 --a--c--- C:\WINDOWS\system32\aswBoot.exe
2007-12-20 09:56 . 2004-01-09 05:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
2007-12-20 09:56 . 2007-12-04 07:54 95,608 --a--c--- C:\WINDOWS\system32\AvastSS.scr
2007-12-20 09:56 . 2007-12-04 09:55 94,544 --a--c--- C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-20 09:56 . 2007-12-04 09:56 93,264 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-20 09:56 . 2007-12-04 09:51 42,912 --a--c--- C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-20 09:56 . 2007-12-04 09:49 26,624 --a--c--- C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-20 09:56 . 2007-12-04 09:53 23,152 --a--c--- C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-20 09:55 . 2007-12-20 09:55 <DIR> d----c--- C:\Program Files\Alwil Software
2007-12-20 03:27 . 2007-12-20 03:27 <DIR> d----c--- C:\Program Files\MSXML 6.0
2007-12-20 03:08 . 2007-12-20 03:08 <DIR> d----c--- C:\Program Files\MSXML 4.0
2007-12-11 17:32 . 2007-12-11 17:32 156,992 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a--c--- C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a--c--- C:\WINDOWS\system32\QuickTime.qts
2007-11-29 17:30 . 2007-11-29 17:30 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2007-11-29 17:30 . 2007-11-29 17:30 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2007-11-15 21:51 . 2007-11-15 21:51 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2007-11-15 21:51 . 2007-11-15 21:51 155,552 --a--c--- C:\WINDOWS\system32\ZuneMTPZ.dll
2007-11-15 21:51 . 2007-11-15 21:51 80,288 --a--c--- C:\WINDOWS\system32\ZuneIpTransport.dll
2007-11-15 21:51 . 2007-11-15 21:51 72,608 --a--c--- C:\WINDOWS\system32\ZuneUsbTransport.dll
2007-11-15 21:51 . 2007-11-15 21:51 59,296 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
2007-11-15 21:51 . 2007-11-15 21:51 45,472 --a--c--- C:\WINDOWS\system32\ZuneUsbConnection.dll
2007-11-15 21:38 . 2007-11-15 21:38 40,832 --a--c--- C:\WINDOWS\system32\drivers\zumbus.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 17:50 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-31 01:52 --------- dc----w C:\Program Files\Common Files\Adobe
2007-12-31 01:21 --------- dc----w C:\Program Files\Google
2007-12-31 00:29 --------- dc----w C:\Program Files\Yahoo!
2007-12-31 00:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-12-31 00:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 03:03 --------- dc----w C:\Program Files\Java
2007-12-30 00:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-28 01:43 --------- dc----w C:\Program Files\a-squared Free
2007-12-27 04:48 --------- dc----w C:\Documents and Settings\Kia Petty\Application Data\Simple Star
2007-12-26 23:47 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-12-26 15:23 --------- dc----w C:\Documents and Settings\Kadeesha Petty\Application Data\Yahoo!
2007-12-25 16:26 --------- dc----w C:\Documents and Settings\Mel Edwards\Application Data\Yahoo!
2007-12-25 08:36 --------- dc----w C:\Documents and Settings\Antwan\Application Data\MusicNet
2007-12-25 05:40 --------- dc----w C:\Documents and Settings\Kadeesha Petty\Application Data\SiteAdvisor
2007-12-23 17:22 --------- dc----w C:\Program Files\SiteAdvisor
2007-12-23 17:19 --------- dc----w C:\Documents and Settings\Kia Petty\Application Data\SiteAdvisor
2007-12-23 16:44 --------- dc----w C:\Documents and Settings\Antwan\Application Data\SiteAdvisor
2007-12-21 16:31 --------- dc----w C:\Documents and Settings\Antwan\Application Data\Yahoo!
2007-12-21 15:56 --------- dc----w C:\Program Files\Apple Software Update
2007-12-20 22:35 --------- dc----w C:\Program Files\iPod
2007-12-20 18:41 --------- dc----w C:\Program Files\Rhapsody
2007-12-20 16:52 --------- dc----w C:\Program Files\Common Files\Scanner
2007-12-20 16:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-20 16:26 --------- dc----w C:\Program Files\Winamp
2007-12-20 16:10 --------- dc----w C:\Documents and Settings\Kia Petty\Application Data\Yahoo!
2007-12-20 14:50 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-11 22:34 129,784 -c----w C:\WINDOWS\system32\PxAFS.DLL
2007-12-11 22:34 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2007-11-13 10:25 20,480 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 18:09 1,419,232 -c--a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-09-28 18:42 2,790,976 -c--a-w C:\WINDOWS\system32\GPhotos.scr
2007-06-27 21:01 80 -csh--r C:\WINDOWS\system32\10696223D8.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MECA"="C:\Program Files\Meca\MECA.EXE" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-10 13:32 655360]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-16 14:51 180269]
"LayoutM"="KLayMgr.exe" [2004-08-26 14:17 45056 C:\WINDOWS\KLayMgr.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-10-10 17:14 28672]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 10:42 36904]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 21:51 166304]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

C:\Documents and Settings\Kia Petty\Start Menu\Programs\Startup\
MostFun.lnk - C:\Program Files\MostFun\Bin\MostFun.exe [2007-08-28 17:47:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-30 20:08:58]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 Ndismeetro;Meetro NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\ndismeetro.sys [2007-01-16 12:11]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 17:36]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 08:28]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 HPKBCCID;HP Keyboard Smart Card Driver;C:\WINDOWS\system32\DRIVERS\HPKBCCID.sys [2005-08-04 04:30]
S3 STC2DFU;STCII DFU Adapter;C:\WINDOWS\system32\DRIVERS\Stc2Dfu.SYS [2004-10-25 00:04]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;C:\WINDOWS\system32\DRIVERS\USB100M.SYS [2001-09-13 21:35]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 20:03:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-31 01:10:51 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 15:43:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MECA = C:\Program Files\Meca\MECA.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 15:47:40
.
2007-12-26 05:16:23 --- E O F ---

You also said to do another HijackThis log, so I did, and here it is.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:29 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kia Petty\My Documents\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MECA] C:\Program Files\Meca\MECA.EXE
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179112007515
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#11 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 31 December 2007 - 08:21 PM

Please download OTMoveIt by OldTimer, save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\5234f9ebbd33c740dcdf0d
C:\9a3496619bce3abcfa7fee


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

I now need you to do the following if you will:
First enable the viewing of hidden files and folders; reverse the process once you've done the steps below:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\10696223D8.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\10696223D8.dll
Then click on 'Send File'.
Post the results into your next reply.
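The entries RichieUK singles out in the ComboFix report (the two hex-named folders at the drive root and the 80-byte hidden/system DLL in system32, plus the Run entries with an empty bracket) can be picked out mechanically. The triage script below is an added example, not part of this thread and not ComboFix's own code; the heuristics and the 4 KB "tiny file" threshold are my assumptions, and the sample lines are copied from the report posted above with two ordinary lines kept as controls.

```python
import ntpath
import re

# Constructed sample in the shape of the ComboFix report posted earlier in this
# thread: the lines are copied from it, with two unremarkable lines kept as controls.
SAMPLE_REPORT = r"""
2007-12-27 21:26 . 2007-12-27 21:38 <DIR> d----c--- C:\5234f9ebbd33c740dcdf0d
2007-12-25 13:46 . 2007-12-25 13:56 <DIR> d----c--- C:\9a3496619bce3abcfa7fee
2007-12-20 09:55 . 2007-12-20 09:55 <DIR> d----c--- C:\Program Files\Alwil Software
2007-12-26 15:56 . 2005-02-12 17:00 186,880 -r-hsc--- C:\WINDOWS\system32\RLOgg.ax
2007-06-27 21:01 80 -csh--r C:\WINDOWS\system32\10696223D8.dll
2007-10-29 22:43 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
"MECA"="C:\Program Files\Meca\MECA.EXE" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"""

# A file or directory line from the "Files Created" or "Find3M" sections:
# creation time, optional " . " modification time, size (<DIR>, a number, or
# dashes for a directory in Find3M), an attribute string (d r h s c a w ...)
# and the path.
FILE_LINE = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?P<size><DIR>|[\d,]+|-+)"
    r"\s+(?P<attrs>[a-z-]{7,9})"
    r"\s+(?P<path>\S.*?)\s*$"
)
# A Run-key value from the "Reg Loading Points" section; the bracket holds the
# target's timestamp and size, and is empty when ComboFix recorded no file details.
REG_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<info>[^\]]*)\]$')
HEX_NAME = re.compile(r"[0-9a-fA-F]{8,}")   # names made only of hex digits
TINY_FILE = 4096                              # bytes (assumed threshold); an 80-byte DLL holds no real code


def triage(report: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs for the entries a reviewer should look at first."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attrs, size_txt = m["path"], m["attrs"], m["size"]
            size = int(size_txt.replace(",", "")) if size_txt[0].isdigit() else None
            is_dir = attrs[0] == "d"
            hidden_system = "h" in attrs and "s" in attrs
            stem = ntpath.splitext(ntpath.basename(path))[0]
            hex_name = HEX_NAME.fullmatch(stem) is not None
            at_root = re.fullmatch(r"[A-Za-z]:\\", ntpath.dirname(path)) is not None
            reasons = []
            if is_dir and hex_name and at_root:
                reasons.append("hex-named folder at drive root (often an installer or "
                               "update extraction dir; confirm contents before removing)")
            if not is_dir and hidden_system and size is not None and size < TINY_FILE:
                reasons.append(f"hidden+system file of only {size} bytes")
            if not is_dir and hex_name and "\\system32\\" in path.lower():
                reasons.append("hex-only filename in system32")
            if reasons:
                findings.append((path, "; ".join(reasons)))
            continue
        m = REG_LINE.match(line)
        if m and not m["info"].strip():
            findings.append((m["path"], f"Run entry '{m['name']}' has no file details; "
                                        "target was not readable at scan time"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_REPORT):
        print(f"{path}\n    {reason}")
```

The controls (the Alwil folder, the 186 KB hidden codec RLOgg.ax, quartz.dll and the avast! Run entry) are deliberately left unflagged, which is why the size threshold matters alongside the attribute check.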

#12 computergenzius11
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Female

Posted 31 December 2007 - 10:42 PM

This is the OTMoveIt2 log:


C:\5234f9ebbd33c740dcdf0d\update moved successfully.
C:\5234f9ebbd33c740dcdf0d moved successfully.
C:\9a3496619bce3abcfa7fee\packages moved successfully.
C:\9a3496619bce3abcfa7fee\fr-FR moved successfully.
C:\9a3496619bce3abcfa7fee\es-ES moved successfully.
C:\9a3496619bce3abcfa7fee\en-US moved successfully.
C:\9a3496619bce3abcfa7fee moved successfully.

Created on 12312007_213523

#13 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 01 January 2008 - 06:28 AM

Post the file scan results please.

#14 computergenzius11
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Female

Posted 02 January 2008 - 04:35 PM

Here are the results of the virus scan:

Scan taken on 02 Jan 2008 21:32:01 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

#15 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 02 January 2008 - 04:42 PM

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.

Please double-click OTMoveIt.exe again to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear; click on Ok.
The 'Disk Cleanup for [C:]' box will appear; click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?'; click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.


Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your pc is running now.

Edited by RichieUK, 02 January 2008 - 04:43 PM.
