
Svchost Infected By Worm.agent.bx


  • This topic is locked
25 replies to this topic

#1 JK888

JK888

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 11 January 2008 - 05:20 AM

It started when I switched on my computer (I'm on my laptop posting this). AVG Anti-Spyware found malware, which can be seen in the first attachment, so I clicked the recommended option and then I got a pop-up saying that the computer will restart in 1 minute, so it restarted and then I get an error message titled HP AiO Device Object Server "RegisterClassObjects failed: hRes = 0x800706BA. The RPC server is unavailable. Maximum retry attempts exceeded." Now my computer does not function properly, such as the internet: each time I try to open an IE it shuts down by itself, and when I check my network connections I get an error message attached in the third document. I tried to do a System Restore but get an error message attached in the last document. I am really unhappy because I just cleaned up my computer because the internet wasn't working, but after cleaning got it working fine and now this happens. Please someone help me. I included a logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:41 PM, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\qgcuucbt\csrss.ex
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Spooler Subsystem Application] smss.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: csrss.lnk = ? (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: csrss.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ImageUploader - http://www.zorpia.com/ImageUploader.cab
O16 - DPF: mplay - http://prismix.tv/mplay.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161474068000
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/fu...r/M9ActiveX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.belairresort.com.au/virtual-tou...abs/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/eng/soccer_2_0_0_7.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\132375.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: clr_optimization_v2.0.50215_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\129265.exe (file missing)
O23 - Service: CVPND - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\134203.exe (file missing)
O23 - Service: FastUserSwitchingCompatibility - Unknown owner - C:\WINDOWS\TEMP\129828.exe (file missing)
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\TEMP\129390.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\132078.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\131031.exe (file missing)
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RichVideo - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TapiSrv - Unknown owner - C:\WINDOWS\TEMP\138359.exe (file missing)
O23 - Service: TrkWks - Unknown owner - C:\WINDOWS\TEMP\129125.exe (file missing)
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: usprserv - Unknown owner - C:\WINDOWS\TEMP\133125.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 20450 bytes

Attached Files


Edited by JK888, 11 January 2008 - 05:22 AM.
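The HijackThis log above contains several entry types that malware-removal helpers read by eye: an F2 UserInit line with a second executable appended, an F3 load= pointing at a csrss lookalike in a System32 subfolder, an O4 Run entry naming a bare smss.exe, a csrss.lnk startup shortcut, and O23 services whose binaries sit under C:\WINDOWS\TEMP or are marked "(file missing)". The script below is an added example, not part of the thread or of HijackThis itself: it parses a handful of constructed entries modelled on that log and applies those same simple triage rules, so the benign lines stay quiet and the suspicious ones are reported with a reason. The list of core process names, the System32 path and the rule set are assumptions chosen for this example.

```python
import ntpath
import re

# Constructed sample, modelled on HijackThis entries like the ones in the post above.
# It mixes suspicious lines with benign ones so the benign ones must produce no finding.
SAMPLE_ENTRIES = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\qgcuucbt\csrss.ex
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [Spooler Subsystem Application] smss.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\129265.exe (file missing)
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: CVPND - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
""".strip().splitlines()

# Assumption for this example: names of core Windows processes that legitimately
# live only in System32; the same name anywhere else (or as a bare name) is suspect.
CORE_PROCESS_STEMS = {"smss", "csrss", "winlogon", "services", "lsass",
                      "svchost", "spoolsv", "userinit"}
SYSTEM32 = r"c:\windows\system32"


def odd_core_path(path):
    """Return a reason string if `path` names a core process outside System32."""
    p = path.strip().strip('"')
    stem, _ext = ntpath.splitext(ntpath.basename(p))   # "csrss.ex" -> stem "csrss"
    if stem.lower() not in CORE_PROCESS_STEMS:
        return None
    if ntpath.dirname(p).lower() == SYSTEM32:
        return None
    return f"core process name '{stem}' outside System32: {p}"


def first_executable(cmd):
    """Pull the program path out of a Run-key command line, quoted or not.
    An unquoted path containing spaces is cut at the first space, which only
    makes this check less sensitive, never noisier."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def triage_entry(entry):
    """Return a list of (entry, reason) findings for one HijackThis line."""
    findings = []
    code, _, body = entry.partition(" - ")
    if code == "F2" and "UserInit=" in body:
        # UserInit should list userinit.exe and nothing else.
        targets = [t.strip() for t in body.split("UserInit=", 1)[1].split(",") if t.strip()]
        for t in targets:
            if ntpath.basename(t).lower() != "userinit.exe":
                findings.append((entry, f"extra UserInit executable: {t}"))
    elif code == "F3" and "load=" in body:
        reason = odd_core_path(body.split("load=", 1)[1])
        if reason:
            findings.append((entry, reason))
    elif code == "O4":
        m = re.search(r"Startup:\s*(?P<lnk>.+?)\s*=\s*(?P<target>\S*)", body)
        if m:
            # A startup shortcut named after a core process is never legitimate.
            stem = ntpath.splitext(m.group("lnk"))[0].lower()
            if stem in CORE_PROCESS_STEMS:
                findings.append((entry, f"startup shortcut named after core process: {m.group('lnk')}"))
        else:
            m = re.search(r"\]\s*(?P<cmd>.*)$", body)
            reason = odd_core_path(first_executable(m.group("cmd"))) if m else None
            if reason:
                findings.append((entry, reason))
    elif code == "O23":
        path = body.rsplit(" - ", 1)[-1]
        if "(file missing)" in path:
            findings.append((entry, "service binary missing on disk"))
        if "\\windows\\temp\\" in path.lower():
            findings.append((entry, "service binary located under %WINDIR%\\TEMP"))
    return findings


def triage(entries):
    """Run every rule over every entry and collect the findings in log order."""
    return [f for e in entries for f in triage_entry(e)]


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_ENTRIES):
        print(f"[!] {reason}\n    {entry}")
```

Run against the constructed sample, the three benign entries (zlclient.exe, ctfmon.exe, the GetRight shortcut) produce nothing, while the other seven produce one finding each, except the CryptSvc service, which is reported twice: once for the missing file and once for living under TEMP. The rules are deliberately narrow; they are a first pass a helper would confirm by hand, not a verdict.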



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:10 PM

Posted 11 January 2008 - 07:22 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 JK888

JK888
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:10 AM

Posted 11 January 2008 - 09:06 AM

Hey Sam, thanks for spending your time helping, I really appreciate it. Here is the log file ComboFix produced.

ComboFix 08-01-10.2 - Debbie 2008-01-11 23:11:31.1 - NTFSx86
Running from: M:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Debbie\g2mdlhlpx.exe
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\Bfj61.sys
C:\WINDOWS\system32\drivers\Pux72.sys
C:\WINDOWS\system32\drivers\smtpdrv.sys
C:\WINDOWS\Temp\126140.exe
C:\WINDOWS\Temp\126171.exe
C:\WINDOWS\Temp\128531.exe
C:\WINDOWS\Temp\131781.exe
C:\WINDOWS\Temp\134125.exe
C:\WINDOWS\Temp\134312.exe
C:\WINDOWS\Temp\135156.exe
C:\WINDOWS\Temp\135500.exe
C:\WINDOWS\Temp\159218.exe
C:\WINDOWS\Temp\170203.exe
C:\WINDOWS\Temp\174750.exe
C:\WINDOWS\Temp\1806531.exe
C:\WINDOWS\Temp\181421.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BFJ61
-------\LEGACY_PUX72
-------\LEGACY_RUNTIME
-------\LEGACY_SMTPDRV
-------\Bfj61
-------\Pux72
-------\runtime
-------\smtpdrv


((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F7.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F6.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F5.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F4.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F3.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F2.tmp
2008-01-10 21:02 . 2008-01-10 21:02 0 --a------ C:\F1.tmp
2008-01-10 21:02 . 2008-01-10 21:02 0 --a------ C:\F0.tmp
2008-01-10 21:02 . 2008-01-10 21:02 0 --a------ C:\EF.tmp
2008-01-10 21:02 . 2008-01-10 21:02 0 --a------ C:\EE.tmp
2008-01-10 21:01 . 2008-01-10 21:01 0 --a------ C:\ED.tmp
2008-01-10 21:01 . 2008-01-10 21:01 0 --a------ C:\EC.tmp
2008-01-10 21:01 . 2008-01-10 21:01 0 --a------ C:\EB.tmp
2008-01-10 21:01 . 2008-01-10 21:01 0 --a------ C:\EA.tmp
2008-01-10 21:01 . 2008-01-10 21:01 0 --a------ C:\E9.tmp
2008-01-10 21:01 . 2008-01-10 21:01 0 --a------ C:\E4.tmp
2008-01-10 20:55 . 2008-01-10 20:55 14,336 --a------ C:\WINDOWS\system32\svchost.exe
2008-01-10 20:46 . 2008-01-10 20:46 0 --a------ C:\E8.tmp
2008-01-10 20:46 . 2008-01-10 20:46 0 --a------ C:\E7.tmp
2008-01-10 20:46 . 2008-01-10 20:46 0 --a------ C:\E6.tmp
2008-01-10 20:45 . 2008-01-10 20:45 0 --a------ C:\E5.tmp
2008-01-10 20:44 . 2008-01-10 20:44 0 --a------ C:\E3.tmp
2008-01-10 20:44 . 2008-01-10 20:44 0 --a------ C:\E2.tmp
2008-01-10 20:44 . 2008-01-10 20:44 0 --a------ C:\E1.tmp
2008-01-10 20:44 . 2008-01-10 20:44 0 --a------ C:\E0.tmp
2008-01-10 17:11 . 2008-01-10 17:11 0 --a------ C:\DF.tmp
2008-01-10 17:11 . 2008-01-10 17:11 0 --a------ C:\DE.tmp
2008-01-10 17:11 . 2008-01-10 17:11 0 --a------ C:\DD.tmp
2008-01-10 17:11 . 2008-01-10 17:11 0 --a------ C:\DC.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\DB.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\DA.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\D9.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\D8.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\D7.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\D6.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\D5.tmp
2008-01-10 17:10 . 2008-01-10 17:10 0 --a------ C:\D4.tmp
2008-01-10 17:09 . 2008-01-10 17:09 0 --a------ C:\D3.tmp
2008-01-10 17:09 . 2008-01-10 17:09 0 --a------ C:\D2.tmp
2008-01-10 17:09 . 2008-01-10 17:09 0 --a------ C:\C2.tmp
2008-01-10 17:09 . 2008-01-10 17:09 0 --a------ C:\C1.tmp
2008-01-10 12:25 . 2008-01-10 12:25 0 --a------ C:\D1.tmp
2008-01-10 12:25 . 2008-01-10 12:25 0 --a------ C:\D0.tmp
2008-01-10 12:25 . 2008-01-10 12:25 0 --a------ C:\CF.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\CE.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\CD.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\CC.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\CB.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\CA.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\C9.tmp
2008-01-10 12:24 . 2008-01-10 12:24 0 --a------ C:\C8.tmp
2008-01-10 12:23 . 2008-01-10 12:23 0 --a------ C:\C7.tmp
2008-01-10 12:23 . 2008-01-10 12:23 0 --a------ C:\C6.tmp
2008-01-10 12:23 . 2008-01-10 12:23 0 --a------ C:\C5.tmp
2008-01-10 12:23 . 2008-01-10 12:23 0 --a------ C:\C0.tmp
2008-01-10 12:22 . 2008-01-10 12:22 0 --a------ C:\B9.tmp
2008-01-10 12:22 . 2008-01-10 12:22 0 --a------ C:\B8.tmp
2008-01-09 21:52 . 2008-01-09 21:52 0 --a------ C:\C4.tmp
2008-01-09 21:51 . 2008-01-09 21:51 0 --a------ C:\C3.tmp
2008-01-09 21:51 . 2008-01-09 21:51 0 --a------ C:\BF.tmp
2008-01-09 21:51 . 2008-01-09 21:51 0 --a------ C:\BE.tmp
2008-01-09 21:51 . 2008-01-09 21:51 0 --a------ C:\BD.tmp
2008-01-09 21:50 . 2008-01-09 21:50 0 --a------ C:\BC.tmp
2008-01-09 21:50 . 2008-01-09 21:50 0 --a------ C:\BB.tmp
2008-01-09 21:50 . 2008-01-09 21:50 0 --a------ C:\BA.tmp
2008-01-09 21:49 . 2008-01-09 21:49 0 --a------ C:\B7.tmp
2008-01-09 21:49 . 2008-01-09 21:49 0 --a------ C:\B6.tmp
2008-01-09 21:49 . 2008-01-09 21:49 0 --a------ C:\B5.tmp
2008-01-09 21:49 . 2008-01-09 21:49 0 --a------ C:\B4.tmp
2008-01-09 21:48 . 2008-01-09 21:48 0 --a------ C:\B3.tmp
2008-01-09 21:48 . 2008-01-09 21:48 0 --a------ C:\B2.tmp
2008-01-09 21:48 . 2008-01-09 21:48 0 --a------ C:\B1.tmp
2008-01-09 21:48 . 2008-01-09 21:48 0 --a------ C:\B0.tmp
2008-01-09 19:55 . 2008-01-09 19:55 0 --a------ C:\AF.tmp
2008-01-09 19:55 . 2008-01-09 19:55 0 --a------ C:\AE.tmp
2008-01-09 19:54 . 2008-01-09 19:54 0 --a------ C:\AD.tmp
2008-01-09 19:54 . 2008-01-09 19:54 0 --a------ C:\AC.tmp
2008-01-09 19:54 . 2008-01-09 19:54 0 --a------ C:\AB.tmp
2008-01-09 19:54 . 2008-01-09 19:54 0 --a------ C:\A5.tmp
2008-01-09 19:53 . 2008-01-09 19:53 0 --a------ C:\A4.tmp
2008-01-09 19:53 . 2008-01-09 19:53 0 --a------ C:\A3.tmp
2008-01-09 08:43 . 2008-01-09 08:43 0 --a------ C:\AA.tmp
2008-01-09 08:43 . 2008-01-09 08:43 0 --a------ C:\A9.tmp
2008-01-09 08:42 . 2008-01-09 08:42 0 --a------ C:\A8.tmp
2008-01-09 08:42 . 2008-01-09 08:42 0 --a------ C:\A7.tmp
2008-01-09 08:42 . 2008-01-09 08:42 0 --a------ C:\A6.tmp
2008-01-09 08:42 . 2008-01-09 08:42 0 --a------ C:\A2.tmp
2008-01-09 08:41 . 2008-01-09 08:41 0 --a------ C:\A1.tmp
2008-01-09 08:41 . 2008-01-09 08:41 0 --a------ C:\A0.tmp
2008-01-08 20:25 . 2008-01-08 20:25 0 --a------ C:\9F.tmp
2008-01-08 20:24 . 2008-01-08 20:24 0 --a------ C:\9E.tmp
2008-01-08 20:24 . 2008-01-08 20:24 0 --a------ C:\9D.tmp
2008-01-08 20:24 . 2008-01-08 20:24 0 --a------ C:\9C.tmp
2008-01-08 20:24 . 2008-01-08 20:24 0 --a------ C:\9B.tmp
2008-01-08 20:24 . 2008-01-08 20:24 0 --a------ C:\9A.tmp
2008-01-08 20:23 . 2008-01-08 20:23 0 --a------ C:\99.tmp
2008-01-08 20:23 . 2008-01-08 20:23 0 --a------ C:\8E.tmp
2008-01-08 20:09 . 2008-01-08 20:09 0 --a------ C:\98.tmp
2008-01-08 20:09 . 2008-01-08 20:09 0 --a------ C:\97.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 00:31 --------- d-----w C:\Program Files\GetRight
2008-01-10 09:05 --------- d-----w C:\Program Files\FlashGet
2008-01-10 07:14 --------- d-----w C:\Documents and Settings\Debbie\Application Data\Skype
2007-12-30 07:34 --------- d-----w C:\Program Files\Lavasoft
2007-12-27 07:48 --------- d-----w C:\Program Files\DriftCity
2007-12-18 14:24 --------- d-----w C:\Documents and Settings\Debbie\Application Data\dvdcss
2007-12-12 05:25 --------- d-----w C:\Documents and Settings\Debbie\Application Data\Lavasoft
2007-11-23 11:05 --------- d-----w C:\Program Files\EasyZip
2007-11-18 11:55 --------- d-----w C:\Program Files\Picasa2
2007-11-17 07:52 --------- d-----w C:\Program Files\LimeWire
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-13 08:27 31,584 ----a-w C:\Documents and Settings\Debbie\Application Data\GDIPFONTCACHEV1.DAT
2007-01-09 06:22 92,064 ----a-w C:\Documents and Settings\Debbie\mqdmmdm.sys
2007-01-09 06:22 9,232 ----a-w C:\Documents and Settings\Debbie\mqdmmdfl.sys
2007-01-09 06:22 79,328 ----a-w C:\Documents and Settings\Debbie\mqdmserd.sys
2007-01-09 06:22 66,656 ----a-w C:\Documents and Settings\Debbie\mqdmbus.sys
2007-01-09 06:22 6,208 ----a-w C:\Documents and Settings\Debbie\mqdmcmnt.sys
2007-01-09 06:22 5,936 ----a-w C:\Documents and Settings\Debbie\mqdmwhnt.sys
2007-01-09 06:22 4,048 ----a-w C:\Documents and Settings\Debbie\mqdmcr.sys
2007-01-09 06:22 25,600 ----a-w C:\Documents and Settings\Debbie\usbsermptxp.sys
2007-01-09 06:22 22,768 ----a-w C:\Documents and Settings\Debbie\usbsermpt.sys
2005-09-18 15:01 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-03-08 09:41 560 ----a-w C:\Program Files\Global.sw
2004-08-29 01:10 1,592 ----a-w C:\Program Files\INSTALL.LOG
2004-07-22 00:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 12:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 12:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 04:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-08 23:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-08 23:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-08 18:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-08 18:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-08 17:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2004-06-09 06:04 299,624 ----a-w C:\Program Files\dxwebsetup.exe
2004-05-10 14:06 40,120 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Utopia Angel"="C:\Utopia\Angel\Angel.exe" [2008-01-07 00:20 3545600]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-21 13:06 20036648]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2005-01-13 13:40 93863]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 09:15 366400]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-05-01 16:00 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-05-01 15:59 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-17 21:12 180269]
"Spooler Subsystem Application"="smss.exe" [2004-08-04 17:56 50688 C:\WINDOWS\system32\smss.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 19:49 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 17:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-30 19:49 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pux72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"NISUM"=2 (0x2)
"navapsvc"=3 (0x3)
"MDM"=2 (0x2)
"ccPxySvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6beecabb-2403-11db-8ea3-000f3da59ca6}]
\Shell\AutoRun\command - F:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2005-03-16 09:06:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1099373564.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 23:40:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 23:53:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-11 13:52:56
.
2008-01-09 00:11:28 --- E O F ---

#4 Buckeye_Sam (Malware Expert)

Posted 11 January 2008 - 09:13 AM

Do you see all those tmp files listed in your log, similar to these...

2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F6.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F5.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F4.tmp
2008-01-10 21:03 . 2008-01-10 21:03 0 --a------ C:\F3.tmp

Go to your C:\ drive and delete all of those .tmp files.
Be careful only to delete tmp files and don't delete any folders.


==============



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


==============



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under select a target to scan: Select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 JK888 (Topic Starter)

Posted 11 January 2008 - 09:47 AM

Hey, I've deleted all the temp files specified (but there are a few temp files that were not specified and are still there) and have run ATF-Cleaner, but my computer does not allow me to get on the internet: as stated in my very first post, each time I try to open Internet Explorer it closes automatically. Here is a fresh log without the Kaspersky scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:43 AM, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Spooler Subsystem Application] smss.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: csrss.lnk = ? (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: csrss.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ImageUploader - http://www.zorpia.com/ImageUploader.cab
O16 - DPF: mplay - http://prismix.tv/mplay.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161474068000
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/fu...r/M9ActiveX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.belairresort.com.au/virtual-tou...abs/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/eng/soccer_2_0_0_7.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\132375.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: clr_optimization_v2.0.50215_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\129265.exe (file missing)
O23 - Service: CVPND - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\134203.exe (file missing)
O23 - Service: FastUserSwitchingCompatibility - Unknown owner - C:\WINDOWS\TEMP\129828.exe (file missing)
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\TEMP\129390.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\132078.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\131031.exe (file missing)
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RichVideo - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TapiSrv - Unknown owner - C:\WINDOWS\TEMP\138359.exe (file missing)
O23 - Service: TrkWks - Unknown owner - C:\WINDOWS\TEMP\129125.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: usprserv - Unknown owner - C:\WINDOWS\TEMP\133125.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 19601 bytes

#6 Buckeye_Sam (Malware Expert)

Posted 11 January 2008 - 10:00 AM

How are you posting here if you can't connect?
Are you using a different computer?


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Spooler Subsystem Application] smss.exe
O4 - Startup: csrss.lnk = ?
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\129265.exe (file missing)
O23 - Service: dmadmin - Unknown owner - C:\WINDOWS\TEMP\134203.exe (file missing)
O23 - Service: FastUserSwitchingCompatibility - Unknown owner - C:\WINDOWS\TEMP\129828.exe (file missing)
O23 - Service: ImapiService - Unknown owner - C:\WINDOWS\TEMP\129390.exe (file missing)
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\132078.exe (file missing)
O23 - Service: RasMan - Unknown owner - C:\WINDOWS\TEMP\131031.exe (file missing)
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: TapiSrv - Unknown owner - C:\WINDOWS\TEMP\138359.exe (file missing)
O23 - Service: TrkWks - Unknown owner - C:\WINDOWS\TEMP\129125.exe (file missing)
O23 - Service: usprserv - Unknown owner - C:\WINDOWS\TEMP\133125.exe (file missing)



================


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log



========================================================
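Editor's note (an added example, not part of the thread): the fix list in the post above is the security-relevant core of this case, and its three patterns are worth recognising in any HijackThis log. A Run value named "Spooler Subsystem Application" whose command is a bare smss.exe is a masquerade: the real Session Manager is started by the kernel and never from a Run key, and which file a bare name resolves to depends on the launching process's search order, so a legitimate installer never creates such an entry. csrss.lnk in the Startup folder is the same trick done with a shortcut. And a block of built-in XP service names (CryptSvc, Nla, RasMan, TapiSrv, TrkWks, dmadmin, ImapiService, FastUserSwitchingCompatibility) whose binary is C:\WINDOWS\TEMP\<number>.exe means the worm rewrote the registrations of genuine Windows services to point at its own files; with those files quarantined the services cannot start, which is consistent with the "RPC server is unavailable" and network-connections errors in the opening post. Fixing those O23 lines in HijackThis deletes the service registrations outright, so the genuine services have to be restored afterwards rather than assumed to come back on their own. The Python script below is my own triage helper, not a tool from the thread; it applies those three checks to HijackThis lines copied from the log posted above. The rule names, the BUILTIN_SERVICES set and the CORE_PROCESSES set are my choices, not anything HijackThis itself defines.

```python
"""Triage a HijackThis v2 log for the masquerade patterns seen in this thread.

Three checks (editor's own rules, not HijackThis features):
  * O4 Run entries whose command is a bare core-process name (smss.exe ...)
  * Startup-folder shortcuts named after a core process (csrss.lnk)
  * O23 services whose binary lives under a TEMP directory, or a built-in
    Windows service whose binary is reported missing
"""
import re
from dataclasses import dataclass

# Process names a legitimate Run key never starts by bare name.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# Built-in Windows XP service short names that appear in the posted log.
BUILTIN_SERVICES = {"spooler", "cryptsvc", "nla", "rasman", "tapisrv", "trkwks",
                    "dmadmin", "imapiservice", "fastuserswitchingcompatibility"}

RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:.+ )?Startup: (?P<lnk>.+?) = (?P<target>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
SHORTNAME_RE = re.compile(r"\(([^()]+)\)\s*$")   # trailing "(ShortName)" in O23 display name

# Lines copied verbatim from the HijackThis log posted above (a few benign
# ones included so the triage has entries to pass).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Spooler Subsystem Application] smss.exe
O4 - Startup: csrss.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\132375.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\129265.exe (file missing)
O23 - Service: Spooler - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
"""


@dataclass
class Finding:
    rule: str
    line: str


def _exe_path(cmd):
    """Return the executable part of a Run-key command (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def _check_run(m):
    path = _exe_path(m.group("cmd"))
    # A bare core-process name (no directory) in a Run key is a masquerade.
    if "\\" not in path and path.lower() in CORE_PROCESSES:
        return "run_key_core_process_masquerade"
    return None


def _check_startup(m):
    lnk = m.group("lnk").strip().lower()
    if lnk.endswith(".lnk") and lnk[:-4] + ".exe" in CORE_PROCESSES:
        return "startup_shortcut_core_process_masquerade"
    return None


def _check_service(m):
    rest = m.group("rest")
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    parts = rest.rsplit(" - ", 2)          # display name - owner - binary path
    if len(parts) != 3:
        return None
    display, _owner, path = parts
    short = SHORTNAME_RE.search(display)
    short_name = (short.group(1) if short else display).lower()
    if TEMP_DIR_RE.search(path):
        return "service_binary_in_temp"
    if missing and short_name in BUILTIN_SERVICES:
        return "builtin_service_binary_missing"
    return None


def triage(log_text):
    """Return one Finding per suspicious O4/O23 line, in log order."""
    findings = []
    checks = ((RUN_RE, _check_run), (STARTUP_RE, _check_startup), (SERVICE_RE, _check_service))
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in checks:
            m = regex.match(line)
            if m:
                rule = check(m)
                if rule:
                    findings.append(Finding(rule, line))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:45} {f.line}")
```

Run against a full log, the script flags the same thirteen lines the helper listed by hand in the post above (the AVG, Cisco and HP services pass), which is the point: the triage is mechanical once you know what a service or Run entry is supposed to look like.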

#7 JK888 (Topic Starter)

Posted 11 January 2008 - 11:33 AM

Yeah, I am using my laptop to post and a USB drive to transfer logs and such; the internet (wireless) is fine, just not on my PC. I have done the fixes in HJT. Sorry to take so long to reply; I forgot I was meant to reboot normally after going into Safe Mode. Here are the report and a fresh log.


SDFix: Version 1.125

Run by Debbie on Sat 12/01/2008 at 01:45 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\10.TMP - Deleted
C:\12.TMP - Deleted
C:\14.TMP - Deleted
C:\17.TMP - Deleted
C:\19.TMP - Deleted
C:\1B.TMP - Deleted
C:\1C.TMP - Deleted
C:\1E.TMP - Deleted
C:\20.TMP - Deleted
C:\22.TMP - Deleted
C:\23.TMP - Deleted
C:\24.TMP - Deleted
C:\26.TMP - Deleted
C:\28.TMP - Deleted
C:\2A.TMP - Deleted
C:\2C.TMP - Deleted
C:\3D.TMP - Deleted
C:\3F.TMP - Deleted
C:\41.TMP - Deleted
C:\43.TMP - Deleted
C:\45.TMP - Deleted
C:\47.TMP - Deleted
C:\49.TMP - Deleted
C:\4B.TMP - Deleted
C:\4D.TMP - Deleted
C:\4F.TMP - Deleted
C:\51.TMP - Deleted
C:\53.TMP - Deleted
C:\54.TMP - Deleted
C:\55.TMP - Deleted
C:\56.TMP - Deleted
C:\57.TMP - Deleted
C:\58.TMP - Deleted
C:\59.TMP - Deleted
C:\5A.TMP - Deleted
C:\5B.TMP - Deleted
C:\5C.TMP - Deleted
C:\5D.TMP - Deleted
C:\5E.TMP - Deleted
C:\5F.TMP - Deleted
C:\60.TMP - Deleted
C:\61.TMP - Deleted
C:\62.TMP - Deleted
C:\63.TMP - Deleted
C:\64.TMP - Deleted
C:\65.TMP - Deleted
C:\66.TMP - Deleted
C:\67.TMP - Deleted
C:\68.TMP - Deleted
C:\69.TMP - Deleted
C:\6A.TMP - Deleted
C:\6B.TMP - Deleted
C:\6C.TMP - Deleted
C:\6D.TMP - Deleted
C:\6E.TMP - Deleted
C:\6F.TMP - Deleted
C:\70.TMP - Deleted
C:\71.TMP - Deleted
C:\72.TMP - Deleted
C:\73.TMP - Deleted
C:\74.TMP - Deleted
C:\75.TMP - Deleted
C:\76.TMP - Deleted
C:\77.TMP - Deleted
C:\78.TMP - Deleted
C:\79.TMP - Deleted
C:\7A.TMP - Deleted
C:\7B.TMP - Deleted
C:\7C.TMP - Deleted
C:\7D.TMP - Deleted
C:\7E.TMP - Deleted
C:\7F.TMP - Deleted
C:\80.TMP - Deleted
C:\81.TMP - Deleted
C:\82.TMP - Deleted
C:\83.TMP - Deleted
C:\84.TMP - Deleted
C:\85.TMP - Deleted
C:\86.TMP - Deleted
C:\87.TMP - Deleted
C:\88.TMP - Deleted
C:\89.TMP - Deleted
C:\8A.TMP - Deleted
C:\8B.TMP - Deleted
C:\8C.TMP - Deleted
C:\8D.TMP - Deleted
C:\8F.TMP - Deleted
C:\9.TMP - Deleted
C:\90.TMP - Deleted
C:\91.TMP - Deleted
C:\92.TMP - Deleted
C:\93.TMP - Deleted
C:\94.TMP - Deleted
C:\95.TMP - Deleted
C:\96.TMP - Deleted
C:\B.TMP - Deleted
C:\D.TMP - Deleted
C:\F.TMP - Deleted
C:\2F.TMP - Deleted
C:\33.TMP - Deleted
C:\35.TMP - Deleted
C:\3B.TMP - Deleted
C:\5.TMP - Deleted
C:\7.TMP - Deleted
C:\A.tmp - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

=========================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:37 AM, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ImageUploader - http://www.zorpia.com/ImageUploader.cab
O16 - DPF: mplay - http://prismix.tv/mplay.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab30149.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161474068000
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/fu...r/M9ActiveX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.belairresort.com.au/virtual-tou...abs/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/eng/soccer_2_0_0_7.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\132375.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: clr_optimization_v2.0.50215_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe
O23 - Service: CVPND - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\132078.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RichVideo - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 18562 bytes

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 January 2008 - 12:24 PM

Fix these lines with HijackThis.

O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\132375.exe (file missing)
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\132078.exe (file missing)


You should also review all of the O16 lines in your log and remove any that you don't absolutely need or use all the time. These are all optional and can easily be restored the next time you visit that site. However, you do have an excessive number of them.


Download Firefox to use as an alternate browser on the infected computer. It should work if you have a live connection.
http://www.mozilla.com/en-US/firefox/


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.

Please post the log from DrWeb and a new HijackThis log.
Let me know if you are able to get connected with Firefox.
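As an added example (not code from this thread, from BleepingComputer or from HijackThis), the following Python script applies the two checks Buckeye_Sam made above to HijackThis v2 log lines: it flags O23 services whose binary is reported missing or sits under a TEMP directory, and it tallies the O16 DPF (ActiveX download) entries by the host they were fetched from so the excess can be reviewed. The regular expressions, the bare-IP heuristic and the sample lines (copied from the log posted above) are my assumptions, not part of the tool.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input: lines copied from the HijackThis log posted above
# (the two O23 entries the helper told the poster to fix, two legitimate O23
# entries, and three O16 DPF entries, one of them fetched from a bare IP).
SAMPLE_LOG = r"""
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/eng/soccer_2_0_0_7.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: aawservice - Unknown owner - C:\WINDOWS\TEMP\132375.exe (file missing)
O23 - Service: Nla - Unknown owner - C:\WINDOWS\TEMP\132078.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
"""

# Line shapes as they appear in HijackThis v2 logs (assumed from the log above):
#   O23 - Service: <name> - <owner> - <path>[ (<note>)]
#   O16 - DPF: <guid and class, or plain name> - <url or local path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?: \((?P<note>[^()]*)\))?$"
)
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.+?) - (?P<source>.+)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
BARE_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    note: str = ""
    reasons: list = field(default_factory=list)


def parse_log(text: str):
    """Split a HijackThis log into O23 service entries and O16 DPF entries."""
    services, dpf = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            services.append(ServiceEntry(m["name"], m["owner"], m["path"], m["note"] or ""))
            continue
        m = O16_RE.match(line)
        if m:
            dpf.append((m["ident"], m["source"]))
    return services, dpf


def triage_service(svc: ServiceEntry) -> list:
    """Reasons an O23 entry deserves the 'fix this line' treatment, if any."""
    reasons = []
    if "file missing" in svc.note.lower():
        reasons.append("binary no longer on disk")
    if TEMP_DIR_RE.search(svc.path):
        reasons.append("binary under a TEMP directory")
    # "Unknown owner" is normal for many Windows services (cisvc.exe above),
    # so it only corroborates a finding once another reason exists.
    if reasons and svc.owner == "Unknown owner":
        reasons.append("no publisher information")
    return reasons


def dpf_host(source: str) -> str:
    """Host an O16 control was fetched from, or 'local' for an on-disk path."""
    parsed = urlparse(source)
    return parsed.hostname if parsed.scheme in ("http", "https") else "local"


def triage_log(text: str) -> dict:
    services, dpf = parse_log(text)
    flagged = []
    for svc in services:
        svc.reasons = triage_service(svc)
        if svc.reasons:
            flagged.append(svc)
    hosts = {}
    for _ident, source in dpf:
        host = dpf_host(source)
        hosts[host] = hosts.get(host, 0) + 1
    return {
        "flagged_services": flagged,
        "dpf_count": len(dpf),
        "dpf_by_host": hosts,
        # Controls pulled from a bare IP rather than a hostname are the ones
        # to look at first when deciding what to prune (assumed heuristic).
        "dpf_bare_ip_hosts": sorted(h for h in hosts if BARE_IP_RE.match(h)),
    }


def hijackthis_fix_lines(text: str) -> list:
    """Rebuild the exact O23 lines to tick in HijackThis, as the helper quoted them."""
    lines = []
    for svc in triage_log(text)["flagged_services"]:
        note = f" ({svc.note})" if svc.note else ""
        lines.append(f"O23 - Service: {svc.name} - {svc.owner} - {svc.path}{note}")
    return lines


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    for svc in result["flagged_services"]:
        print(f"{svc.name}: {svc.path} -> {', '.join(svc.reasons)}")
    print(f"{result['dpf_count']} O16 entries by host: {result['dpf_by_host']}")
```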


========================================================

#9 JK888

  • Topic Starter
  • Members
  • 14 posts

Posted 12 January 2008 - 02:22 AM

Hey, I can't connect to the internet at all. :thumbsup: Here are the logs.

05020500.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
09139015.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
11744359.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
13278468.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
22950109.FIL;C:\$VAULT$.AVG;Trojan.Rntm;Deleted.;
22993593.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23001312.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23006609.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23013609.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23651468.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23671500.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
23697062.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23700812.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23704468.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23709812.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
23716203.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23719453.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23722671.FIL;C:\$VAULT$.AVG;BackDoor.Bulknet.112;Deleted.;
23727687.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
23802718.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
24999125.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36698453.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36703468.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36729718.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36737000.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36743312.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36747375.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36752375.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36756421.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36759171.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36774390.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36777437.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36785265.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36810921.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36819031.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36828250.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.360;Deleted.;
36890671.FIL;C:\$VAULT$.AVG;Trojan.NtRootKit.497;Deleted.;
Process.exe;C:\Documents and Settings\Debbie\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Debbie\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
EN_AU-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
EN_NZ-ie.reg;C:\hp\region;Trojan.StartPage.1505;Deleted.;
Pux72.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers;Trojan.DownLoader.39204;Deleted.;
smtpdrv.sys.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.360;Deleted.;
126140.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Temp;BackDoor.Bulknet.112;Deleted.;
126171.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Temp;BackDoor.Bulknet.112;Deleted.;
128531.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Temp;BackDoor.Bulknet.112;Deleted.;
135156.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Temp;BackDoor.Bulknet.112;Deleted.;
170203.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Temp;BackDoor.Bulknet.112;Deleted.;
174750.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\Temp;BackDoor.Bulknet.112;Deleted.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0075546.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP342;BackDoor.Bulknet.112;Deleted.;
A0075579.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP343;BackDoor.Bulknet.112;Deleted.;
A0075595.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP344;BackDoor.Bulknet.112;Deleted.;
A0075610.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP344;BackDoor.Bulknet.112;Deleted.;
A0075727.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP345;BackDoor.Bulknet.112;Deleted.;
A0075743.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP345;BackDoor.Bulknet.112;Deleted.;
A0075785.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP345;BackDoor.Bulknet.112;Deleted.;
A0075832.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP345;BackDoor.Bulknet.112;Deleted.;
A0076115.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084177.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084204.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084235.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084266.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084303.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084359.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084382.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084410.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084445.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084476.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084509.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084530.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084553.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084577.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084601.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084622.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP347;BackDoor.Bulknet.112;Deleted.;
A0084706.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP348;BackDoor.Bulknet.112;Deleted.;
A0084743.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP348;BackDoor.Bulknet.112;Deleted.;
A0084759.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP348;BackDoor.Bulknet.112;Deleted.;
A0084839.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP349;BackDoor.Bulknet.112;Deleted.;
A0084858.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP349;BackDoor.Bulknet.112;Deleted.;
A0084868.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP349;BackDoor.Bulknet.112;Deleted.;
A0084883.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP349;BackDoor.Bulknet.112;Deleted.;
A0084901.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP349;BackDoor.Bulknet.112;Deleted.;
A0085024.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP351;BackDoor.Bulknet.112;Deleted.;
A0085081.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP352;Trojan.NtRootKit.360;Deleted.;
A0085108.exe;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP352;Trojan.Proxy.2071;Deleted.;
A0085144.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP353;Trojan.NtRootKit.360;Deleted.;
A0085166.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP353;Trojan.NtRootKit.360;Deleted.;
A0086165.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP354;Trojan.NtRootKit.360;Deleted.;
A0086182.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP354;Trojan.NtRootKit.360;Deleted.;
A0086208.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP354;Trojan.NtRootKit.360;Deleted.;
A0086224.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP355;Trojan.NtRootKit.360;Deleted.;
A0087223.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP355;Trojan.NtRootKit.360;Deleted.;
A0087257.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP355;Trojan.NtRootKit.360;Deleted.;
A0087272.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP355;Trojan.NtRootKit.360;Deleted.;
A0087288.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP355;Trojan.NtRootKit.360;Deleted.;
A0087312.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP356;Trojan.NtRootKit.360;Deleted.;
A0087352.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP357;Trojan.NtRootKit.360;Deleted.;
A0087369.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP357;Trojan.NtRootKit.360;Deleted.;
A0087382.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP357;Trojan.NtRootKit.360;Deleted.;
A0087412.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP357;Trojan.NtRootKit.360;Deleted.;
A0087429.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP358;Trojan.NtRootKit.360;Deleted.;
A0087444.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP358;Trojan.NtRootKit.360;Deleted.;
A0087460.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP358;Trojan.NtRootKit.360;Deleted.;
A0087485.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP358;Trojan.NtRootKit.360;Deleted.;
A0087535.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0087544.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0087563.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0087584.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.DownLoader.39204;Deleted.;
A0087593.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0088616.exe;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Tool.Prockill;Incurable.Moved.;
A0088712.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0088716.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.DownLoader.39204;Deleted.;
A0088743.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0088749.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.DownLoader.39204;Deleted.;
A0088762.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.NtRootKit.360;Deleted.;
A0088836.sys;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.DownLoader.39204;Deleted.;
A0089982.reg;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.StartPage.1505;Deleted.;
A0089983.reg;C:\System Volume Information\_restore{9B88B1E9-C879-4DDB-9A95-726DBBEAC04C}\RP360;Trojan.StartPage.1505;Deleted.;
Bfj61.sys;C:\WINDOWS;BackDoor.Bulknet.112;Deleted.;

=============================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:57 PM, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ImageUploader - http://www.zorpia.com/ImageUploader.cab
O16 - DPF: mplay - http://prismix.tv/mplay.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/fu...r/M9ActiveX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.belairresort.com.au/virtual-tou...abs/svideo3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: clr_optimization_v2.0.50215_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe
O23 - Service: CVPND - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RichVideo - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 16550 bytes

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:10 PM

Posted 12 January 2008 - 10:29 AM

Download Sophos Anti-Rootkit & save it to your desktop after filling out the questionnaire and reading the EULA.

Note: You will need to enter your name, e-mail address and location in order to access the download page.
  • Double-click sarsfx.exe to extract the files.
  • Click the Accept button at the EULA, then Install to the default directory
  • At the next prompt, click Yes to start the program
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click the "Start Scan" button.
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

=================


Download and run this program.
http://www.majorgeeks.com/download4372.html

After running it, check your connection.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
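A helper working a thread like this compares each fresh HijackThis log against the previous one and reads a few sections (O10 Winsock LSPs, O20 Winlogon Notify DLLs, O23 services) before anything else. The script below is an added example that is not part of the thread and not a HijackThis feature: it parses two logs, reports which entries appeared or disappeared between them, and flags those sections. The two embedded log excerpts are constructed from lines visible in the thread's 12 and 13 January logs, and the flagging rules are assumptions of this example, not verdicts on the entries.

```python
"""Diff two HijackThis logs and flag the entry types a log reviewer checks first.

Added example for this thread, not a HijackThis feature and not code posted by
anyone here. The two log excerpts are constructed from a handful of lines visible
in the thread's 12 and 13 January logs; the review rules are assumptions.
"""
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O23 - Service: ...".
# Section codes are R0-R3, F0-F3 and O1-O24; header lines never match.
_ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")

# Constructed excerpt of the 12 January log (no O10 entry).
LOG_12JAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:57 PM, on 12/01/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""

# Constructed excerpt of the 13 January log: same entries plus the new O10 line.
LOG_13JAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:55 PM, on 13/01/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
"""


def parse_hjt(log_text):
    """Group entry bodies by section code; header and blank lines are dropped."""
    entries = {}
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if m:
            entries.setdefault(m.group(1), set()).add(m.group(2))
    return {sec: sorted(bodies) for sec, bodies in entries.items()}


def diff_hjt(old, new):
    """Entries only in `new` (added) and only in `old` (removed), keyed by section.

    Comparing consecutive logs is how a reviewer sees what a cleanup run changed
    or what came back after a reboot. The running-process list is not an entry
    line and is deliberately ignored, since it varies from boot to boot.
    """
    added, removed = {}, {}
    for sec in sorted(set(old) | set(new)):
        o, n = set(old.get(sec, [])), set(new.get(sec, []))
        if n - o:
            added[sec] = sorted(n - o)
        if o - n:
            removed[sec] = sorted(o - n)
    return added, removed


def review_flags(entries):
    """Entries to look at first. Heuristics (assumptions of this example), not
    verdicts: every hit still needs the file itself checked (vendor, signature,
    hash) before a fix, because removing a legitimate LSP or service breaks Windows."""
    flags = []
    for sec, bodies in entries.items():
        for body in bodies:
            if sec == "O10":
                flags.append((sec, body, "Winsock LSP HijackThis could not identify"))
            elif sec == "O20":
                flags.append((sec, body, "Winlogon Notify DLL loads at logon; confirm the vendor"))
            elif sec == "O23" and "(file missing)" in body:
                flags.append((sec, body, "service registered for a binary that no longer exists"))
            elif sec == "O23" and "Unknown owner" in body and "\\WINDOWS\\" not in body.upper():
                flags.append((sec, body, "service with no vendor outside the Windows directory"))
    return flags


if __name__ == "__main__":
    before, after = parse_hjt(LOG_12JAN), parse_hjt(LOG_13JAN)
    added, removed = diff_hjt(before, after)
    print("added:", added)
    print("removed:", removed)
    for sec, body, why in review_flags(after):
        print(f"[{sec}] {why}\n    {body}")
```

Run it directly to see the diff and the flags. Between the two excerpts the only entry-level change is the O10 Winsock LSP line, which the script reports as added. An O10 hit means only that HijackThis could not identify the DLL, not that it is malicious, so the file has to be verified before the entry is fixed; a wrongly removed LSP leaves the machine without working networking.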

#11 JK888

JK888
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:10 AM

Posted 13 January 2008 - 01:03 AM

Hey Sam, thanks again for spending your time helping me. I have run Sophos and it did not find anything. I also ran the second program, and now I can sign into MSN; Mozilla worked for about 1 minute, then it says the page cannot be loaded. I still can't open Internet Explorer; it closes itself automatically. I still get the error message HP AiO Device Object Server "RegisterClassObjects failed: hRes = 0x800706BA. The RPC server is unavailable. Maximum retry attempts exceeded." and when I go into My Network Connections it also gives me the same error message as before. I also constantly get an error message saying that a program has gone wrong and has to shut down, and that you can report the problem to Microsoft; it pops up each time I start my computer, for the program Skype. One more thing out of the ordinary: at the bottom of the screen next to the Start button there are usually tabs for what you have opened, e.g. a program, but on my computer it doesn't show anything. Here is a fresh HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:55 PM, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.swirve.com/utopia/login.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas153.exe" /minimize (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1123561945-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - S-1-5-21-2000478354-1123561945-725345543-1004 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ImageUploader - http://www.zorpia.com/ImageUploader.cab
O16 - DPF: mplay - http://prismix.tv/mplay.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {8AB8BEAA-001B-4F5E-AB26-46D5611B10DE} (CM9ActiveX Object) - http://httppang.playolive.com/joyonpang/fu...r/M9ActiveX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.filelodge.com/ImageUploader3.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.belairresort.com.au/virtual-tou...abs/svideo3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe
O23 - Service: clr_optimization_v2.0.50215_32 - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe
O23 - Service: CVPND - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: gusvc - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: mnmsrvc - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDSessMgr - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RichVideo - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: rpcapd - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: RSVP - Unknown owner - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VSS - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINDOWS\system32\MsPMSPSv.exe (file missing)
O23 - Service: WmiApSrv - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 16516 bytes
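As an added example, not part of this thread or of HijackThis itself: a small parser that pulls the O10/O16/O23 entries out of a HijackThis log like the one above and flags the items a helper looks at first. The sample lines are copied from the log posted here and embedded as constructed input; the ActiveX domain allowlist and the two-label domain rule are assumptions for illustration, not a HijackThis convention. Note that "Unknown owner" on its own is not an indicator: many built-in Windows XP services carry no company name in their version info, which is why this check keys on missing files and on one binary registered under two service names instead.

```python
"""Parse HijackThis O-lines and flag the entries worth a closer look.

Added example: not the thread's or HijackThis's own code.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1642804A-BF4B-485B-9CDF-B941F6E49A0E} (BIZPIO_GSP Control) - http://qroqro.bizpio.com/global/gmexec/BIZPIO_GSP.ocx
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumed allowlist of vendors whose ActiveX downloads are not worth flagging.
ACTIVEX_ALLOW = {"microsoft.com", "msn.com", "yahoo.com", "yimg.com"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Split a log into {'section': 'O16', 'body': ..., 'raw': ...} entries."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "raw": raw.strip()})
    return entries


def base_domain(url):
    """Last two labels of the host (simplification: wrong for co.uk-style suffixes)."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def triage(entries):
    """Return (kind, detail) findings for the entries a helper checks first."""
    findings = []
    binaries = {}  # lowercased service exe -> list of service names using it
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O10" and "Unknown file in Winsock LSP" in body:
            # An unrecognised Winsock LSP sits in the network path of every socket.
            findings.append(("lsp", e["raw"]))
        elif sec == "O16" and " - " in body:
            # "DPF: {CLSID} (Name) - URL": flag controls fetched from non-allowlisted hosts.
            _, url = body.rsplit(" - ", 1)
            if url.lower().startswith("http") and base_domain(url) not in ACTIVEX_ALLOW:
                findings.append(("third-party-activex", url))
        elif sec == "O23":
            # "Service: Name - Owner - Path [(file missing)]"
            parts = body.split(" - ", 2)
            if len(parts) != 3:
                continue
            name, _owner, path = parts
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            if path.endswith("(file missing)"):
                findings.append(("service-file-missing", name))
            exe = path.replace("(file missing)", "").strip().lower()
            binaries.setdefault(exe, []).append(name)
    for exe, names in binaries.items():
        if len(names) > 1:
            # Two service names pointing at one exe is unusual and worth a look.
            findings.append(("shared-service-binary", f"{exe}: {', '.join(names)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:24} {detail}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the flagged O16 URLs are the ones to look up, and a service whose file is missing is usually a leftover from an uninstall rather than the infection itself.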

#12 Buckeye_Sam (Malware Expert; Members; 17,382 posts; Pickerington, Ohio)

Posted 13 January 2008 - 11:01 AM

A few questions...

Do you know what this is for? Did you install it?

O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti


===============


Are you using a firewall? I see signs of Zone Alarm, but it doesn't seem to be running.


===============


Do you have your Windows XP disc?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 JK888 (Topic Starter; Members; 14 posts)

Posted 15 January 2008 - 02:15 AM

Hey, the Storm Codec, I think, was a codec pack that was downloaded so that some video files would be able to play on my computer.

Previously I had some sort of problem with my internet, but then I got Zone Alarm and my internet started working. I have turned it back on (not sure why it wasn't on), but it's a trial version, and now I can be on the internet with Mozilla Firefox. I still can't open Internet Explorer. As for the HP error message, I think all I need to do is reinstall the program for my printer.

I am not sure if I have the Windows XP disc.

#14 Buckeye_Sam (Malware Expert; Members; 17,382 posts; Pickerington, Ohio)

Posted 15 January 2008 - 06:04 PM

So now you can get online with Firefox, right?
Check through the settings of Zone Alarm to make sure that it doesn't have IE blocked.

I can't confirm that Storm Codec is bad, but unknown codecs are a favorite way for malware distributors to get their trojans installed onto your computer. If you can get by without it, I'd uninstall/delete it from your computer.

#15 JK888 (Topic Starter; Members; 14 posts)

Posted 20 January 2008 - 04:42 AM

Hey, very sorry for some of the late replies, and thank you for still helping me. Yes, I can get on Firefox. I have checked the firewall of ZoneAlarm and it has allowed IE to work, but it still does not work, so I decided to check the Windows Firewall and I got a message: "Windows Firewall Settings cannot be displayed because the associated service is not running. Do you want to start the SharedAccess service?" This is the same message I got when running Safe Mode. My computer still doesn't feel normal :thumbsup: Is there any way of restoring it to a previous state, before I got the error message from AVG about SVCHOST? (Because this is what I think was the problem that started it all.)
