
Hijackthis Log For Supergirthuk


This topic is locked. 8 replies to this topic.

#1 Supergirthuk

Posted 24 January 2008 - 01:31 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:19:16, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wltrysvc.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\cisvc.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wltray.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Windows\system32\cidaemon.exe
C:\Windows\system32\cidaemon.exe
C:\Windows\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Stan\My Documents\stinger3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wltray.exe] C:\Windows\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150957972690
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124115997968
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.parquesantiago.com/camaras/AMC.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: req - C:\Windows\
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\wltrysvc.exe

--
End of file - 9696 bytes


#2 Buckeye_Sam (Malware Expert, Pickerington, Ohio)

Posted 25 January 2008 - 08:14 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running ComboFix.exe you should disable your antivirus program and disconnect from the internet.

Double click ComboFix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

#3 Supergirthuk (Topic Starter)

Posted 25 January 2008 - 11:25 AM

ComboFix 08-01-23.1C - Stan 2008-01-25 15:51:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.621 [GMT 0:00]
Running from: C:\Documents and Settings\Stan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\install.exe
C:\Windows\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\Iprip




((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 19:09 . 2008-01-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 06:59 . 2008-01-23 17:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-19 12:37 . 2008-01-19 12:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 12:37 . 2008-01-19 12:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-19 10:40 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2008-01-19 10:40 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2008-01-19 10:40 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-01-19 10:40 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2008-01-19 10:39 . 2008-01-19 10:45 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2008-01-19 10:39 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-15 23:12 . 2008-01-15 23:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-15 05:43 . 2008-01-15 05:43 <DIR> d-------- C:\Program Files\SonicWallES
2008-01-15 01:03 . 2008-01-25 01:51 805 --a------ C:\rollback.ini
2008-01-15 00:45 . 2008-01-15 00:45 59 --a------ C:\WINDOWS\wininit.ini
2008-01-15 00:36 . 2008-01-25 15:59 17,269,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-15 00:36 . 2008-01-25 15:59 231,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-15 00:19 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-15 00:17 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-01-14 18:08 . 2006-11-11 03:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-01-14 18:08 . 2006-11-11 03:47 527,136 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-14 18:08 . 2006-11-11 03:44 264,992 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-14 18:08 . 2006-11-11 03:47 211,744 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-01-14 18:08 . 2006-11-11 03:45 121,632 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-01-14 18:08 . 2006-11-11 02:31 42,594 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-14 18:08 . 2006-11-11 03:48 40,352 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-14 18:08 . 2006-11-11 03:43 13,344 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-01-14 18:08 . 2006-11-11 02:30 7,734 -ra------ C:\WINDOWS\system32\Repository.reg
2008-01-14 18:03 . 2008-01-14 18:03 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-14 17:28 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 17:28 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-14 17:27 . 2008-01-14 17:28 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-14 17:27 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-14 17:27 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-14 17:27 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-14 17:27 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-14 17:27 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-14 17:27 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-14 17:27 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-13 23:40 . 2008-01-13 23:40 <DIR> d-------- C:\Program Files\RubyMicro Software
2008-01-13 23:19 . 2008-01-13 23:19 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-13 16:52 . 2008-01-13 18:14 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-11 14:36 . 2008-01-11 14:36 1,409 --a------ C:\WINDOWS\system32\tmp895B8.FOT
2008-01-11 14:36 . 2008-01-11 14:36 1,409 --a------ C:\WINDOWS\system32\tmp456B8.FOT
2008-01-09 18:44 . 2008-01-10 19:46 512 --a------ C:\WINDOWS\_delis32.ini
2008-01-09 18:25 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-09 18:25 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-09 18:23 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2008-01-09 18:11 . 2006-08-17 12:28 721,920 --------- C:\WINDOWS\system32\lsasrv.dll
2008-01-09 18:11 . 2006-10-16 19:03 359,808 --------- C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-08 19:21 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-01-08 17:13 . 2008-01-08 17:13 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-08 17:03 . 2008-01-13 16:16 <DIR> d-------- C:\Program Files\Windows Live
2008-01-08 17:03 . 2008-01-08 17:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 19:24 . 2008-01-05 19:24 1,409 --a------ C:\WINDOWS\system32\tmp2BBF1.FOT
2008-01-05 19:24 . 2008-01-05 19:24 1,409 --a------ C:\WINDOWS\system32\tmp02CF1.FOT
2008-01-04 23:49 . 2008-01-05 12:28 <DIR> d-------- C:\Program Files\uTorrent
2008-01-02 17:44 . 2008-01-02 17:44 1,409 --a------ C:\WINDOWS\system32\tmp65DA9.FOT
2008-01-02 17:44 . 2008-01-02 17:44 1,409 --a------ C:\WINDOWS\system32\tmp20EA9.FOT
2008-01-01 23:42 . 2008-01-01 23:42 1,409 --a------ C:\WINDOWS\system32\tmp8435C.FOT
2008-01-01 23:41 . 2008-01-01 23:41 1,409 --a------ C:\WINDOWS\system32\tmpC604C.FOT
2008-01-01 22:54 . 2008-01-01 22:54 1,409 --a------ C:\WINDOWS\system32\tmpB1BF8.FOT
2008-01-01 22:54 . 2008-01-01 22:54 1,409 --a------ C:\WINDOWS\system32\tmp68EF8.FOT
2008-01-01 22:54 . 2008-01-01 22:54 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-01-01 22:45 . 2008-01-01 22:45 <DIR> d-------- C:\Program Files\Ubi Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 23:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-15 00:45 --------- d-----w C:\Program Files\MSN Messenger
2008-01-14 18:05 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-14 18:03 --------- d-----w C:\Program Files\Logitech
2008-01-14 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 15:41 --------- d-----w C:\Program Files\Realtek
2007-12-19 21:30 --------- d-----w C:\Program Files\Google
2007-12-18 18:16 17,801 ----a-w C:\Windows\system32\drivers\AegisP.sys
2007-12-18 18:14 --------- d-----w C:\Program Files\BT Voyager
2007-12-16 21:27 --------- d-----w C:\Program Files\DivX
2007-12-11 19:46 43,528 ------w C:\Windows\system32\drivers\pxhelp20.sys
2007-12-10 23:26 --------- d-----w C:\Program Files\Roxio
2007-12-10 23:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-10 18:42 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-08 10:04 --------- d-----w C:\Program Files\Trust
2007-12-08 10:02 646,400 ------w C:\Windows\system32\drivers\CnxEtU.sys
2007-12-08 10:02 60,288 ------w C:\Windows\system32\drivers\CnxEtP.sys
2007-12-08 10:02 108,771 ------w C:\Windows\system32\drivers\CnxTgN.sys
2007-11-28 20:42 --------- d-----w C:\Program Files\Microsoft Games
2007-11-27 19:45 --------- d-----w C:\Program Files\Java
2007-11-27 19:43 --------- d-----w C:\Program Files\Common Files\Java
2007-11-26 13:16 --------- d-----w C:\Program Files\Full Marks
2007-11-25 23:58 315,392 ----a-w C:\Windows\HideWin.exe
2004-07-19 13:21 0 -c--a-w C:\Program Files\Global.sw
1998-06-10 08:27 351 -c--a-w C:\Program Files\EuroSatssci14.del
1998-06-09 15:39 351 -c--a-w C:\Program Files\EuroSatsMaths14.del
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2006-02-28 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"wltray.exe"="C:\Windows\system32\wltray.exe" [2005-01-29 02:09 696422]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\Windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stan^Start Menu^Programs^Startup^ubisoft register.lnk]
backup=C:\Windows\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 10:29 220544 g:\Program Files\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atomfork]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
--a------ 2007-12-08 10:02 462848 C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2006-02-28 12:00 15360 C:\Windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D68 Series]
--------- 2005-01-25 04:00 98304 C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-11-21 23:56 120320 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HardwareMonitor]
--a------ 2003-08-08 10:55 204800 C:\Program Files\AOpen\SilentTek\RegInformation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iHP-100]
--a------ 2003-08-25 18:08 28672 C:\Program Files\iRiver\iHP100\iHPDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
--a------ 2004-07-01 21:20 212992 C:\Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_15174078]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_175870859]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_196437]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_1982843]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2575312]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_307500]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_43851593]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_574171]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_62765781]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_63615343]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_6644531]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_972625]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 16:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-04-14 15:56 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 11:51 25088 d:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2005-10-28 18:08 335872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-22 05:02 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2007-04-14 01:23 393728 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 10:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
--------- 2007-06-08 11:47 37760 c:\program files\slide\slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]
--a------ 2005-01-29 02:09 696422 C:\Windows\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-02-28 12:00]
R3 DtvAudio;DtvAudio;C:\Windows\system32\DRIVERS\DtvAudio.sys [2004-02-26 01:42]
R3 DtvVideo;DtvVideo;C:\Windows\system32\DRIVERS\DtvVideo.sys [2004-02-26 02:27]
S2 Ca533av;DV Series Video Capture;C:\Windows\system32\Drivers\Ca533av.sys [2002-10-21 10:37]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\Windows\system32\DRIVERS\CnxEtP.sys [2007-12-08 10:02]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\Windows\system32\DRIVERS\CnxEtU.sys [2007-12-08 10:02]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\Windows\system32\DRIVERS\CnxTgN.sys [2007-12-08 10:02]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2007-11-18 01:12]
S3 p2pgasvc;Peer Networking Group Authentication;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 p2psvc;Peer Networking;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS [2005-09-07 16:37]
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\Windows\system32\DRIVERS\CamDrO21.sys [2001-08-17 13:05]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 RT2500PCI;802.11g Wireless LAN PCI;C:\Windows\system32\DRIVERS\RT2500.sys [2004-01-07 18:33]
S3 USBCamera;DV Series Digital Camera;C:\Windows\system32\Drivers\Bulk533.sys [2002-11-22 08:25]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2004-08-04 06:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2004-10-22 12:04:10 C:\Windows\Tasks\$$$ntbackup_temp$$$.job"
- C:\WINDOWS\system32\ntbackup.exe
"2004-10-22 08:00:00 C:\Windows\Tasks\2210040900.job"
- C:\WINDOWS\system32\ntbackup.exe÷backup
"2008-01-25 15:00:00 C:\Windows\Tasks\A76C9994911B0A44.job"
- c:\docume~1\stan\applic~1\barbme~1\realspamchic.exe
"2008-01-25 15:25:02 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 13:28:00 C:\Windows\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-21 12:59:03 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-25 16:05:15 C:\Windows\Tasks\User_Feed_Synchronization-{4758456B-E43F-48E6-971C-89A19BB9560E}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 16:06:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-25 16:12:38 - machine was rebooted [Stan]
ComboFix-quarantined-files.txt 2008-01-25 16:12:05
.
2008-01-15 23:12:12 --- E O F ---

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:59 PM

Posted 25 January 2008 - 05:40 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)



==============


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save As... / Save as type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
c:\docume~1\stan\applic~1\barbme~1

File::
C:\Windows\Tasks\A76C9994911B0A44.job

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atomfork]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

Prior to running ComboFix.exe, you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply along with a new HijackThis log.


============



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond to the person who is giving up their own time to help you is not only insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
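The two fixes above target two classic Windows XP persistence spots. The O21/O22 lines are COM objects that Explorer loads at logon (ShellServiceObjectDelayLoad and SharedTaskScheduler); "(no file)" means the CLSID's InProcServer32 DLL is already gone, so what is left is an orphaned registration that HijackThis can simply delete. The CFScript goes after a scheduled task with a random 16-hex-digit name (A76C9994911B0A44.job) that runs an executable out of the user's Application Data folder, plus two msconfig startupreg entries and a Winlogon Notify package. The Python script below is an added example, not code from this thread or from HijackThis/ComboFix: it parses log lines of both kinds, flags exactly those patterns, and renders the results in the CFScript section layout used above (Folder::, File::, Registry::). The sample lines are copied from the logs posted in this thread and embedded inline; the hex-name and Application Data heuristics are this example's own assumptions, not rules of either tool, and a CFScript built this way is still something to review line by line before anyone drags it onto ComboFix.

```python
"""Triage of HijackThis / ComboFix log excerpts (added example, not from the thread).

Flags two things the helper acted on:
  * O20/O21/O22 entries HijackThis reports as "(no file)": a Winlogon Notify,
    ShellServiceObjectDelayLoad or SharedTaskScheduler registration whose DLL
    no longer exists (an orphan left behind by something that once loaded into
    winlogon/explorer).
  * Scheduled tasks whose .job name is a bare 16-hex-digit string or whose
    target lives under a user profile's Application Data directory.
Sample input is constructed (copied from the logs posted in the thread); the
heuristics are this example's assumptions, not HijackThis or ComboFix rules.
"""
import re
from dataclasses import dataclass, field

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
TASK_HEADER = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<job>.+\.job)"$')
HEX_JOB_NAME = re.compile(r"^[0-9A-F]{16}$", re.I)
# ComboFix prints 8.3 short names (docume~1\<user>\applic~1); accept both spellings.
USER_APPDATA = re.compile(
    r"\\(docume~1|documents and settings)\\[^\\]+\\(applic~1|application data)\\", re.I)

# Registry locations behind the HijackThis section codes (all under HKLM).
HJT_KEYS = {
    "O20": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
    "O21": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    "O22": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
}


@dataclass
class Finding:
    kind: str
    detail: str
    fix_with: str                                  # "HijackThis" or "CFScript"
    cfscript: list = field(default_factory=list)   # (section, line) pairs


def parse_hijackthis(text):
    """Yield (code, rest) for every 'Oxx - ...' line in a HijackThis log."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def parse_combofix_tasks(text):
    """Return (job_path, target) pairs from ComboFix's 'Scheduled Tasks' block."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    pairs = []
    for i, line in enumerate(lines):
        m = TASK_HEADER.match(line)
        if m and i + 1 < len(lines) and lines[i + 1].startswith("- "):
            pairs.append((m.group("job"), lines[i + 1][2:].strip()))
    return pairs


def triage(hjt_text, tasks_text):
    findings = []
    for code, rest in parse_hijackthis(hjt_text):
        if code in HJT_KEYS and rest.endswith("(no file)"):
            findings.append(Finding(kind="orphaned-" + code,
                                    detail=f"{HJT_KEYS[code]}: {rest}",
                                    fix_with="HijackThis"))
    for job, target in parse_combofix_tasks(tasks_text):
        name = job.rsplit("\\", 1)[-1][:-len(".job")]
        reasons = []
        if HEX_JOB_NAME.match(name):
            reasons.append("random hex job name")
        if USER_APPDATA.search(target):
            reasons.append("target under user Application Data")
        if reasons:
            cf = [("File::", job)]               # delete the .job itself
            if USER_APPDATA.search(target):      # and the dropper's folder, as the helper did
                cf.append(("Folder::", target.rsplit("\\", 1)[0]))
            findings.append(Finding(kind="suspicious-task",
                                    detail=f"{job} -> {target} ({', '.join(reasons)})",
                                    fix_with="CFScript", cfscript=cf))
    return findings


def render_cfscript(findings):
    """Lay out CFScript lines in the section order used in the thread."""
    out = []
    for section in ("Folder::", "File::", "Registry::"):
        lines = dict.fromkeys(l for f in findings for s, l in f.cfscript if s == section)
        if lines:
            out += [section, *lines, ""]
    return "\n".join(out).rstrip("\n")


# Constructed sample input, copied from the logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
"""
SAMPLE_TASKS = r"""
"2004-10-22 12:04:10 C:\Windows\Tasks\$$$ntbackup_temp$$$.job"
- C:\WINDOWS\system32\ntbackup.exe
"2008-01-25 15:00:00 C:\Windows\Tasks\A76C9994911B0A44.job"
- c:\docume~1\stan\applic~1\barbme~1\realspamchic.exe
"2008-01-25 13:28:00 C:\Windows\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"""

if __name__ == "__main__":
    found = triage(SAMPLE_HJT, SAMPLE_TASKS)
    for f in found:
        print(f"[{f.fix_with}] {f.kind}: {f.detail}")
    print(render_cfscript(found))
```

Run against the sample, the script reports the two orphaned cholecyst registrations as HijackThis fixes and emits a Folder:: line for c:\docume~1\stan\applic~1\barbme~1 and a File:: line for A76C9994911B0A44.job, the same two entries the helper wrote by hand; the benign ntbackup and Symantec tasks are left alone. The msconfig startupreg and Winlogon Notify keys in the helper's Registry:: section come from parts of the ComboFix log not quoted in this excerpt, so the script does not attempt to regenerate them.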

#5 Supergirthuk

Supergirthuk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 26 January 2008 - 06:38 PM

ComboFix 08-01-23.1C - Stan 2008-01-26 14:52:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT 0:00]
Running from: C:\Documents and Settings\Stan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Windows\Tasks\A76C9994911B0A44.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Tasks\A76C9994911B0A44.job

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-25 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 19:09 . 2008-01-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 06:59 . 2008-01-23 17:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-19 12:37 . 2008-01-19 12:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 12:37 . 2008-01-19 12:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-19 10:40 . 2002-11-13 11:14 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2008-01-19 10:40 . 2002-11-06 15:12 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2008-01-19 10:40 . 2002-09-06 11:36 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-01-19 10:40 . 2001-08-08 21:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2008-01-19 10:39 . 2008-01-19 10:45 <DIR> d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2008-01-19 10:39 . 2002-06-13 13:50 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-15 23:12 . 2008-01-15 23:12 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-15 05:43 . 2008-01-15 05:43 <DIR> d-------- C:\Program Files\SonicWallES
2008-01-15 01:03 . 2008-01-26 13:51 805 --a------ C:\rollback.ini
2008-01-15 00:45 . 2008-01-15 00:45 59 --a------ C:\WINDOWS\wininit.ini
2008-01-15 00:36 . 2008-01-26 15:00 17,269,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-15 00:36 . 2008-01-26 15:00 242,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-15 00:19 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-15 00:17 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-01-14 18:08 . 2006-11-11 03:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-01-14 18:08 . 2006-11-11 03:47 527,136 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-14 18:08 . 2006-11-11 03:44 264,992 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-14 18:08 . 2006-11-11 03:47 211,744 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-01-14 18:08 . 2006-11-11 03:45 121,632 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-01-14 18:08 . 2006-11-11 02:31 42,594 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-14 18:08 . 2006-11-11 03:48 40,352 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-14 18:08 . 2006-11-11 03:43 13,344 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-01-14 18:08 . 2006-11-11 02:30 7,734 -ra------ C:\WINDOWS\system32\Repository.reg
2008-01-14 18:03 . 2008-01-14 18:03 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-01-14 17:28 . 2007-10-26 11:20 4,124,352 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-14 17:28 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-14 17:27 . 2008-01-14 17:28 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-14 17:27 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-01-14 17:27 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-14 17:27 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-01-14 17:27 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-01-14 17:27 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-01-14 17:27 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-14 17:27 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-13 23:40 . 2008-01-13 23:40 <DIR> d-------- C:\Program Files\RubyMicro Software
2008-01-13 23:19 . 2008-01-13 23:19 <DIR> d-------- C:\Program Files\SymplisIT
2008-01-13 16:52 . 2008-01-13 18:14 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-11 14:36 . 2008-01-11 14:36 1,409 --a------ C:\WINDOWS\system32\tmp895B8.FOT
2008-01-11 14:36 . 2008-01-11 14:36 1,409 --a------ C:\WINDOWS\system32\tmp456B8.FOT
2008-01-09 18:44 . 2008-01-10 19:46 512 --a------ C:\WINDOWS\_delis32.ini
2008-01-09 18:25 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-09 18:25 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-09 18:23 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2008-01-09 18:11 . 2006-08-17 12:28 721,920 --------- C:\WINDOWS\system32\lsasrv.dll
2008-01-09 18:11 . 2006-10-16 19:03 359,808 --------- C:\WINDOWS\system32\drivers\tcpip.sys
2008-01-08 19:21 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2008-01-08 17:13 . 2008-01-08 17:13 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-08 17:03 . 2008-01-13 16:16 <DIR> d-------- C:\Program Files\Windows Live
2008-01-08 17:03 . 2008-01-08 17:05 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 19:24 . 2008-01-05 19:24 1,409 --a------ C:\WINDOWS\system32\tmp2BBF1.FOT
2008-01-05 19:24 . 2008-01-05 19:24 1,409 --a------ C:\WINDOWS\system32\tmp02CF1.FOT
2008-01-04 23:49 . 2008-01-05 12:28 <DIR> d-------- C:\Program Files\uTorrent
2008-01-02 17:44 . 2008-01-02 17:44 1,409 --a------ C:\WINDOWS\system32\tmp65DA9.FOT
2008-01-02 17:44 . 2008-01-02 17:44 1,409 --a------ C:\WINDOWS\system32\tmp20EA9.FOT
2008-01-01 23:42 . 2008-01-01 23:42 1,409 --a------ C:\WINDOWS\system32\tmp8435C.FOT
2008-01-01 23:41 . 2008-01-01 23:41 1,409 --a------ C:\WINDOWS\system32\tmpC604C.FOT
2008-01-01 22:54 . 2008-01-01 22:54 1,409 --a------ C:\WINDOWS\system32\tmpB1BF8.FOT
2008-01-01 22:54 . 2008-01-01 22:54 1,409 --a------ C:\WINDOWS\system32\tmp68EF8.FOT
2008-01-01 22:54 . 2008-01-01 22:54 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-01-01 22:45 . 2008-01-01 22:45 <DIR> d-------- C:\Program Files\Ubi Soft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 23:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-15 00:45 --------- d-----w C:\Program Files\MSN Messenger
2008-01-14 18:05 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-14 18:03 --------- d-----w C:\Program Files\Logitech
2008-01-14 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 15:41 --------- d-----w C:\Program Files\Realtek
2007-12-19 21:30 --------- d-----w C:\Program Files\Google
2007-12-18 18:16 17,801 ----a-w C:\Windows\system32\drivers\AegisP.sys
2007-12-18 18:14 --------- d-----w C:\Program Files\BT Voyager
2007-12-16 21:27 --------- d-----w C:\Program Files\DivX
2007-12-11 19:46 43,528 ------w C:\Windows\system32\drivers\pxhelp20.sys
2007-12-10 23:26 --------- d-----w C:\Program Files\Roxio
2007-12-10 23:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-10 18:42 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-12-08 10:04 --------- d-----w C:\Program Files\Trust
2007-12-08 10:02 646,400 ------w C:\Windows\system32\drivers\CnxEtU.sys
2007-12-08 10:02 60,288 ------w C:\Windows\system32\drivers\CnxEtP.sys
2007-12-08 10:02 108,771 ------w C:\Windows\system32\drivers\CnxTgN.sys
2007-11-28 20:42 --------- d-----w C:\Program Files\Microsoft Games
2007-11-27 19:45 --------- d-----w C:\Program Files\Java
2007-11-27 19:43 --------- d-----w C:\Program Files\Common Files\Java
2007-11-26 13:16 --------- d-----w C:\Program Files\Full Marks
2007-11-25 23:58 315,392 ----a-w C:\Windows\HideWin.exe
2004-07-19 13:21 0 -c--a-w C:\Program Files\Global.sw
1998-06-10 08:27 351 -c--a-w C:\Program Files\EuroSatssci14.del
1998-06-09 15:39 351 -c--a-w C:\Program Files\EuroSatsMaths14.del
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2006-02-28 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
"wltray.exe"="C:\Windows\system32\wltray.exe" [2005-01-29 02:09 696422]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\Windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stan^Start Menu^Programs^Startup^ubisoft register.lnk]
backup=C:\Windows\pss\ubisoft register.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 10:29 220544 g:\Program Files\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
--a------ 2007-12-08 10:02 462848 C:\Program Files\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2006-02-28 12:00 15360 C:\Windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D68 Series]
--------- 2005-01-25 04:00 98304 C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-11-21 23:56 120320 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HardwareMonitor]
--a------ 2003-08-08 10:55 204800 C:\Program Files\AOpen\SilentTek\RegInformation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iHP-100]
--a------ 2003-08-25 18:08 28672 C:\Program Files\iRiver\iHP100\iHPDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]
--a------ 2004-07-01 21:20 212992 C:\Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_15174078]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_175870859]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_196437]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_1982843]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2575312]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_307500]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_43851593]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_574171]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_62765781]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_63615343]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_6644531]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_972625]
--a------ 2006-06-10 09:10 351000 D:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 16:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-04-14 15:56 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 11:51 25088 d:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2005-10-28 18:08 335872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-11-22 05:02 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2007-04-14 01:23 393728 C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--a------ 2002-07-12 10:15 106496 C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\slide.exe]
--------- 2007-06-08 11:47 37760 c:\program files\slide\slide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]
--a------ 2005-01-29 02:09 696422 C:\Windows\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-02-28 12:00]
R3 DtvAudio;DtvAudio;C:\Windows\system32\DRIVERS\DtvAudio.sys [2004-02-26 01:42]
R3 DtvVideo;DtvVideo;C:\Windows\system32\DRIVERS\DtvVideo.sys [2004-02-26 02:27]
S2 Ca533av;DV Series Video Capture;C:\Windows\system32\Drivers\Ca533av.sys [2002-10-21 10:37]
S3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\Windows\system32\DRIVERS\CnxEtP.sys [2007-12-08 10:02]
S3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\Windows\system32\DRIVERS\CnxEtU.sys [2007-12-08 10:02]
S3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\Windows\system32\DRIVERS\CnxTgN.sys [2007-12-08 10:02]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2007-11-18 01:12]
S3 p2pgasvc;Peer Networking Group Authentication;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 p2psvc;Peer Networking;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS [2005-09-07 16:37]
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\Windows\system32\DRIVERS\CamDrO21.sys [2001-08-17 13:05]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\Windows\system32\svchost.exe [2006-02-28 12:00]
S3 RT2500PCI;802.11g Wireless LAN PCI;C:\Windows\system32\DRIVERS\RT2500.sys [2004-01-07 18:33]
S3 USBCamera;DV Series Digital Camera;C:\Windows\system32\Drivers\Bulk533.sys [2002-11-22 08:25]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2004-08-04 06:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2004-10-22 12:04:10 C:\Windows\Tasks\$$$ntbackup_temp$$$.job"
- C:\WINDOWS\system32\ntbackup.exe
"2004-10-22 08:00:00 C:\Windows\Tasks\2210040900.job"
- C:\WINDOWS\system32\ntbackup.exe÷backup
"2008-01-26 14:25:03 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-26 13:28:00 C:\Windows\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-21 12:59:03 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-26 15:05:53 C:\Windows\Tasks\User_Feed_Synchronization-{4758456B-E43F-48E6-971C-89A19BB9560E}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:05:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 15:11:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-26 15:10:46
ComboFix2.txt 2008-01-25 16:12:40
.
2008-01-15 23:12:12 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:27, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wltrysvc.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wltray.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wltray.exe] C:\Windows\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150957972690
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124115997968
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.parquesantiago.com/camaras/AMC.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: req - C:\Windows\
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\wltrysvc.exe

--
End of file - 9554 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2008 at 11:14 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 07:40:08

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 10331
Registry threats detected : 2
File items scanned : 419813
File threats detected : 119

Adware.Tracking Cookie

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net

Trojan.Downloader-KRDPDRE
C:\DOCUMENTS AND SETTINGS\DANIEL\LOCAL SETTINGS\TEMP\NENUM13E.SYS

#6 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2008 - 09:05 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O20 - Winlogon Notify: req - C:\Windows\
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
O22 - SharedTaskScheduler: {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - cholecyst - (no file)



=================



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Reboot and post a new HijackThis log.
Let me know how your computer is working now. Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Supergirthuk

  • Topic Starter

  • Members
  • 4 posts

Posted 27 January 2008 - 04:25 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:30, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wltrysvc.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wltray.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Windows\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wltray.exe] C:\Windows\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150957972690
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124115997968
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/instal...edsolutions.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.parquesantiago.com/camaras/AMC.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?323
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\wltrysvc.exe

--
End of file - 9334 bytes

#8 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 January 2008 - 07:06 AM

Let me know how your computer is working now. Any problems?
========================================================

#9 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 February 2008 - 07:41 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.
========================================================