Quick Hijackthis Checkup


This topic is locked
13 replies to this topic

#1 Abyssal

  • Members
  • 15 posts

Posted 24 January 2008 - 05:36 PM

I've recently found a few malware with my Kaspersky and Ad-Aware and run through again with clean scans, but I want to know if my HijackThis is clean. Could someone do a quick checkup on the log?

Thanks. :thumbsup:


#2 RichieUK

Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 02 February 2008 - 09:21 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

#3 Abyssal

  • Topic Starter

  • Members
  • 15 posts

Posted 06 February 2008 - 05:29 PM

All I wish is for someone to look over my HijackThis log for any invalid or bad records, because my computer is going to be analyzed by a different forum for me to become a moderator. I wish to have a clean record. :thumbsup:


#4 RichieUK

Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 07 February 2008 - 08:41 AM

Please follow my instructions above, thanks.

#5 Abyssal

  • Topic Starter

  • Members
  • 15 posts

Posted 07 February 2008 - 04:51 PM

I have scanned with Ad-Aware, Spybot, Spyware Doctor, and Kaspersky for any malware, some of which were very minor. Could this log be looked over for any invalid or misleading entries?

________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:28 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
J:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
J:\WINDOWS\eHome\ehRecvr.exe
J:\WINDOWS\eHome\ehSched.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\iolo\common\lib\ioloServiceManager.exe
J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\ehome\mcrdsvc.exe
J:\Program Files\Windows Media Player\WMPNetwk.exe
J:\WINDOWS\ehome\ehtray.exe
J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
J:\WINDOWS\system32\rundll32.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\WINDOWS\system32\RUNDLL32.EXE
J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
J:\Program Files\WhatPulse\WhatPulse.exe
J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
J:\WINDOWS\system32\dllhost.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\System32\alg.exe
J:\WINDOWS\eHome\ehmsas.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\QuickTime\QuickTimePlayer.exe
J:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\My Lockbox\flockbox.exe
J:\Program Files\GlovePIE\GlovePIE.exe
J:\Program Files\uTorrent\uTorrent.exe
J:\Program Files\Trillian\trillian.exe
J:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
J:\Program Files\iTunes\iTunes.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Documents and Settings\Guitar Legend\Desktop\Extra\HiJackThis.exe
J:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 38.96.182.20 ads.adbrite.com
O1 - Hosts: 208.67.67.11 adserving.cpxinteractive.com
O1 - Hosts: 72.14.207.191 freerapidsharedownload.blogspot.com
O1 - Hosts: 216.250.177.235 ads.shoppingads.com
O1 - Hosts: 213.202.254.38 bux.to
O1 - Hosts: 64.214.185.146 adbux.org
O1 - Hosts: 64.13.232.199 www.funponsel.com
O1 - Hosts: 124.217.247.89 warez.fewett.net
O1 - Hosts: 195.122.131.2 rapidshare.com
O1 - Hosts: 195.122.131.146 rs145.rapidshare.com
O1 - Hosts: 195.122.131.250 ssl.rapidshare.com
O1 - Hosts: 62.67.50.150 rs349l3.rapidshare.com
O1 - Hosts: 62.67.50.101 rs300l3.rapidshare.com
O1 - Hosts: 62.67.50.171 rs370l3.rapidshare.com
O1 - Hosts: 209.222.148.142 sexuploader.com
O1 - Hosts: 209.222.148.145 www.megarotic.com
O1 - Hosts: 69.5.88.82 video.megarotic.com
O1 - Hosts: 89.185.228.120 www.newtorrents.info
O1 - Hosts: 89.185.228.142 www.rlslog.net
O1 - Hosts: 72.3.140.229 www.axill.com
O1 - Hosts: 83.149.119.37 www.newzleech.com
O1 - Hosts: 212.204.240.107 www.shemes.com
O1 - Hosts: 74.52.137.82 mmovp.net
O1 - Hosts: 72.14.207.191 directlinkzdownload.blogspot.com
O1 - Hosts: 66.29.9.69 www.fulldls.com
O1 - Hosts: 69.60.11.38 www.guitarhero.com
O1 - Hosts: 67.15.208.173 www.warez-news.com
O1 - Hosts: 67.15.208.176 www.harwester.com
O1 - Hosts: 85.17.52.239 www.nforce.nl
O1 - Hosts: 85.17.52.231 www.mediahump.com
O1 - Hosts: 208.65.153.238 www.youtube.com
O1 - Hosts: 87.233.147.140 www.mininova.org
O1 - Hosts: 72.246.99.64 d3.zedo.com
O1 - Hosts: 75.126.227.114 www.fretsonfire.net
O1 - Hosts: 38.99.76.228 img183.imageshack.us
O1 - Hosts: 38.114.196.10 www.mediafire.com
O1 - Hosts: 67.15.146.41 www.guitarzero2.proboards78.com
O1 - Hosts: 69.80.228.120 www.badongo.com
O1 - Hosts: 208.67.70.3 ad.adnetinteractive.com
O1 - Hosts: 208.75.87.120 pmsrvr.com
O1 - Hosts: 216.246.14.25 roia.biz
O1 - Hosts: 68.178.254.109 www.glasscityracing.com
O1 - Hosts: 195.66.135.131 tinyurl.com
O1 - Hosts: 216.239.113.172 www.gamespot.com
O1 - Hosts: 74.86.235.236 fretsonfire.wikidot.com
O1 - Hosts: 85.12.8.16 btjunkie.org
O1 - Hosts: 83.140.176.146 thepiratebay.org
O1 - Hosts: 72.14.207.191 bloggowitz.blogspot.com
O1 - Hosts: 195.122.131.253 games.rapidshare.com
O1 - Hosts: 72.246.99.80 search.live.com
O1 - Hosts: 72.52.67.60 djnilo.weebly.com
O1 - Hosts: 205.234.232.50 www.warungplus.com
O1 - Hosts: 62.67.50.187 rs386l3.rapidshare.com
O1 - Hosts: 62.67.50.176 rs375l3.rapidshare.com
O1 - Hosts: 195.122.131.20 rs19l3.rapidshare.com
O1 - Hosts: 38.101.109.235 d01.megashares.com
O1 - Hosts: 38.101.109.252 webprod3.megashares.com
O1 - Hosts: 62.67.50.97 rs296l3.rapidshare.com
O1 - Hosts: 195.122.131.101 rs100.rapidshare.com
O1 - Hosts: 64.72.119.195 ione-warez.com
O1 - Hosts: 207.226.172.242 friendlyfiles.net
O1 - Hosts: 209.9.169.246 xu12.friendlyfiles.net
O1 - Hosts: 74.208.46.19 www.flyupload.com
O1 - Hosts: 204.11.109.21 a.tribalfusion.com
O1 - Hosts: 216.36.248.40 50010.smartbizsearch.com
O1 - Hosts: 64.94.186.79 www.dealtime.com
O1 - Hosts: 65.205.8.52 ad.doubleclick.net
O1 - Hosts: 69.65.100.107 filext.com
O1 - Hosts: 209.160.73.126 forum.tip.it
O1 - Hosts: 209.183.226.152 www.techguy.org
O1 - Hosts: 84.234.18.51 www.mybittorrent.com
O1 - Hosts: 209.183.226.152 forums.techguy.org
O1 - Hosts: 199.199.211.35 www.torrentportal.com
O1 - Hosts: 66.90.69.6 images.torrentportal.com
O1 - Hosts: 82.96.62.68 www.webhallen.com
O1 - Hosts: 72.5.72.7 www.gaiaonline.com
O1 - Hosts: 208.65.153.238 youtube.com
O1 - Hosts: 74.208.9.140 www.scorehero.com
O1 - Hosts: 64.72.116.227 www.savefile.com
O1 - Hosts: 72.246.99.9 as.casalemedia.com
O1 - Hosts: 208.97.184.201 www.rarewares.org
O1 - Hosts: 152.46.7.80 www.ibiblio.org
O1 - Hosts: 152.46.7.80 ftp.ibiblio.org
O1 - Hosts: 64.225.158.192 www.softpedia.com
O1 - Hosts: 66.35.250.168 freshmeat.net
O1 - Hosts: 66.35.250.203 sourceforge.net
O1 - Hosts: 216.239.122.225 www.download.com
O1 - Hosts: 216.239.116.65 bwp.download.com
O1 - Hosts: 152.46.7.80 ibiblio.org
O1 - Hosts: 128.61.111.11 ftp.oss.cc.gatech.edu
O1 - Hosts: 130.206.1.5 sunsite.rediris.es
O1 - Hosts: 64.72.123.3 zshare.net
O1 - Hosts: 64.72.123.3 www.zshare.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - J:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [ehTray] J:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WhatPulse] J:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] J:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YouTube Uploader.lnk = J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: Add to &LinkFox - res://J:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Add to Anti-Banner - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - J:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - J:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - J:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - J:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - J:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - J:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - J:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - J:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 14412 bytes

#6 RichieUK

Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 07 February 2008 - 06:12 PM

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop

Do not run it just yet.

Now please go here and follow the instructions to install the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouse-click ComboFix's window or do anything else on your PC while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your antivirus or any other real-time scanner displays an alert after you have downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them, while there's nothing wrong with them.

Also post a new HijackThis log, please.
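As an added example (not code from the thread, HijackThis or HostsXpert), the script below parses the O1 hosts-file lines of a HijackThis log such as the one in post #5 and separates entries that merely sink a name to loopback from entries that redirect a hostname to a routable address, which is the pattern behind the hosts-file restore step above. SAMPLE_LOG and WATCH_FRAGMENTS are constructed for the example; documentation addresses and invented hostnames stand in for the real ones.

```python
"""Triage the O1 (hosts file) entries of a HijackThis log.

Added example for this thread; it is not code from HijackThis, HostsXpert
or the forum. Feed it the text of a HijackThis log and it groups hosts
entries into "block" (name sunk to loopback, typical ad blocking), "local"
(LAN or link-local address) and "redirect" (name sent to a routable address,
the case worth reviewing). SAMPLE_LOG and WATCH_FRAGMENTS are constructed.
"""
import ipaddress
import re
from collections import Counter

# "O1 - Hosts: <address> <hostname>" is how HijackThis reports hosts entries.
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Ranges that point at the local machine or network rather than the internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Name fragments whose redirection deserves a closer look: update servers,
# search engines and help forums are the names a defender checks first.
# Constructed list; extend it for the environment being triaged.
WATCH_FRAGMENTS = ("update", "search", "forums", "antivirus")


def parse_o1_entries(log_text):
    """Return [(ip_address, hostname), ...] for every well-formed O1 line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        address, hostname = match.groups()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # a garbled line must not abort the whole triage
        entries.append((ip, hostname.lower()))
    return entries


def classify_entry(ip):
    """block: sinks the name; local: LAN/link-local; redirect: routable."""
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "redirect"


def triage_hosts_entries(log_text):
    """Group O1 entries by class and surface the redirect patterns that matter."""
    report = {"block": [], "local": [], "redirect": []}
    for ip, hostname in parse_o1_entries(log_text):
        report[classify_entry(ip)].append((str(ip), hostname))
    # Several unrelated names pinned to one routable address means traffic
    # for all of them is funnelled to a single server.
    counts = Counter(ip for ip, _ in report["redirect"])
    shared_targets = {ip: n for ip, n in counts.items() if n > 1}
    watched = [(ip, host) for ip, host in report["redirect"]
               if any(frag in host for frag in WATCH_FRAGMENTS)]
    return report, shared_targets, watched


# Constructed sample modelled on the log in post #5 (documentation addresses,
# invented hostnames, one deliberately malformed line).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 127.0.0.1 ads.example-adserver.test
O1 - Hosts: 0.0.0.0 tracker.example.test
O1 - Hosts: 203.0.113.10 www.example-search.test
O1 - Hosts: 203.0.113.10 forums.example-helpsite.test
O1 - Hosts: 203.0.113.10 download.example-update.test
O1 - Hosts: 198.51.100.7 files.example-mirror.test
O1 - Hosts: 192.168.1.20 nas.home.lan
O1 - Hosts: not-an-address junk
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

if __name__ == "__main__":
    report, shared, watched = triage_hosts_entries(SAMPLE_LOG)
    print(f"{len(report['block'])} blocking, {len(report['local'])} local, "
          f"{len(report['redirect'])} redirect entries")
    for ip, n in shared.items():
        print(f"  {n} hostnames redirected to {ip}")
    for ip, host in watched:
        print(f"  watch: {host} -> {ip}")
```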

#7 Abyssal

  • Topic Starter

  • Members
  • 15 posts

Posted 07 February 2008 - 09:06 PM

ComboFix 08-02.05.3 - Guitar Legend 2008-02-07 21:00:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2135 [GMT -5:00]
Running from: J:\Documents and Settings\Guitar Legend\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

J:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
J:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
J:\Program Files\ADSTechnology
J:\Program Files\ADSTechnology\ADSTechnology.dll
J:\WINDOWS\system32\_000003_.tmp.dll
J:\WINDOWS\system32\_000005_.tmp.dll
J:\WINDOWS\system32\_000007_.tmp.dll
J:\WINDOWS\system32\_000008_.tmp.dll
J:\WINDOWS\system32\_000009_.tmp.dll
J:\WINDOWS\system32\_000010_.tmp.dll
J:\WINDOWS\system32\_000011_.tmp.dll
J:\WINDOWS\system32\F1C9E704D7.dll
J:\WINDOWS\system32\systeminfo3.dll

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 20:57 . 2004-08-10 06:00 260,272 -r-hs---- J:\cmldr
2008-02-05 21:01 . 2008-02-05 21:01 <DIR> d-------- J:\Program Files\Uniblue
2008-02-05 21:01 . 2008-02-05 21:01 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\Uniblue
2008-02-05 20:39 . 2007-12-10 14:24 159,458 --a------ J:\WINDOWS\system32\nvapps.nvb
2008-02-05 20:31 . 2008-02-05 20:31 5 --a------ J:\WINDOWS\system32\drivers\DELL_DIM_E521.MRK
2008-02-05 20:31 . 2008-02-05 20:31 5 --a------ J:\WINDOWS\system32\drivers\1028_DELL_DIM_E521.MRK
2008-02-05 20:30 . 2006-04-14 14:00 208,896 --------- J:\WINDOWS\system32\nvuide.exe
2008-02-05 20:30 . 2006-02-20 13:00 1,570 --------- J:\WINDOWS\system32\nvide.nvu
2008-02-05 20:29 . 2006-12-18 16:33 356,352 --a------ J:\WINDOWS\system32\nvusmb.exe
2008-02-05 20:29 . 2006-02-20 13:00 1,864 --a------ J:\WINDOWS\system32\nvsmb.nvu
2008-02-05 20:15 . 2008-02-05 21:27 <DIR> d-------- J:\WINDOWS\nview
2008-02-05 20:15 . 2007-12-05 01:41 356,352 --a------ J:\WINDOWS\system32\nvuninst.exe
2008-02-05 20:15 . 2007-12-05 01:41 356,352 --a------ J:\WINDOWS\system32\nvudisp.exe
2008-02-05 20:15 . 2008-02-05 21:27 165,317 --a------ J:\WINDOWS\system32\nvapps.xml
2008-02-05 20:15 . 2007-12-05 01:41 17,737 --a------ J:\WINDOWS\system32\nvdisp.nvu
2008-02-05 16:45 . 2008-02-05 16:45 472,576 --a------ J:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-02-03 18:54 . 2008-02-03 18:54 <DIR> d-------- J:\Program Files\Audacity
2008-02-03 11:24 . 2008-02-03 11:24 107,888 --a------ J:\WINDOWS\system32\CmdLineExt.dll
2008-02-03 11:16 . 2008-02-03 11:16 <DIR> d-------- J:\Program Files\Aspyr
2008-02-03 10:48 . 2008-02-03 10:48 <DIR> d-------- J:\Program Files\MagicISO
2008-02-02 17:51 . 2008-02-02 17:51 <DIR> d-------- J:\Program Files\CloneDVD
2008-02-02 17:51 . 2008-02-02 17:51 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\Vso
2008-02-02 17:51 . 2008-02-02 17:51 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-02-02 17:51 . 2008-02-02 17:51 81,920 --a------ J:\Documents and Settings\Guitar Legend\Application Data\ezpinst.exe
2008-02-02 17:51 . 2008-02-02 17:51 47,360 --a------ J:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-02 17:51 . 2008-02-02 17:51 47,360 --a------ J:\Documents and Settings\Guitar Legend\Application Data\pcouffin.sys
2008-02-02 13:04 . 2008-02-02 13:04 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\RapidGet
2008-01-30 10:27 . 2008-02-05 20:41 <DIR> d-------- J:\Program Files\TweakMASTER
2008-01-30 10:27 . 2008-01-30 10:27 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\Hagel Technologies
2008-01-30 10:27 . 2008-02-05 20:34 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-01-28 18:25 . 2008-01-28 18:25 <DIR> d-------- J:\WINDOWS\system32\quicktime
2008-01-28 18:25 . 2008-01-28 18:25 <DIR> d-------- J:\Program Files\AVI Codec Pack
2008-01-27 19:05 . 2002-06-13 04:08 143,360 --------- J:\WINDOWS\system32\RALMain.dll
2008-01-27 19:05 . 2002-02-12 15:56 32,768 --------- J:\WINDOWS\system32\MLPagAx.dll
2008-01-27 18:58 . 2007-12-13 20:13 17,264 --a------ J:\WINDOWS\system32\drivers\mprifl.sys
2008-01-26 21:29 . 2008-01-26 21:42 <DIR> d-------- J:\Program Files\Your Uninstaller 2008
2008-01-25 21:28 . 2008-02-02 10:46 <DIR> d-------- J:\Program Files\Frets on Fire
2008-01-25 21:28 . 2008-01-25 21:30 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\fretsonfire
2008-01-25 20:19 . 2008-01-25 20:23 <DIR> d-------- J:\WINDOWS\speech
2008-01-25 20:18 . 2008-01-25 20:18 796,672 --a------ J:\WINDOWS\GPInstall.exe
2008-01-25 20:18 . 2000-08-10 23:06 7,883 --a------ J:\WINDOWS\Eng_UK.gpl
2008-01-25 18:49 . 2008-01-25 18:49 <DIR> d-------- J:\Program Files\Sun
2008-01-25 18:36 . 2008-01-25 18:41 <DIR> d-------- J:\Documents and Settings\Guitar Legend\.SunDownloadManager
2008-01-24 17:06 . 2008-01-24 17:06 <DIR> d-------- J:\WINDOWS\Performance
2008-01-24 17:06 . 2008-01-24 17:06 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-24 16:35 . 2008-02-05 20:42 <DIR> d-------- J:\Program Files\WhatPulse
2008-01-23 17:08 . 2007-06-28 18:55 77,824 --a------ J:\WINDOWS\system32\xvid.ax
2008-01-22 17:47 . 2008-01-22 17:47 <DIR> d-------- J:\Program Files\Axialis
2008-01-22 17:14 . 2008-01-22 17:50 <DIR> d-------- J:\Program Files\CursorXP
2008-01-20 11:33 . 2008-01-20 11:33 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\Talkback
2008-01-20 11:33 . 2008-01-20 11:33 0 --a------ J:\WINDOWS\nsreg.dat
2008-01-19 17:13 . 2006-10-22 21:23 67,384 -ra------ J:\WINDOWS\system32\btwusb.sys
2008-01-19 17:13 . 2006-10-22 21:23 19,436 -ra------ J:\WINDOWS\system32\frmupgr.sys
2008-01-18 17:54 . 2008-01-18 21:31 <DIR> d-------- J:\Program Files\GameSpy Arcade
2008-01-18 10:44 . 2008-02-06 07:15 <DIR> d-a------ J:\Documents and Settings\All Users\Application Data\TEMP
2008-01-18 10:44 . 2007-12-10 14:53 81,288 --a------ J:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-18 10:44 . 2007-12-10 14:53 66,952 --a------ J:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-18 10:44 . 2007-12-10 14:53 41,864 --a------ J:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-18 10:44 . 2007-12-10 14:53 29,576 --a------ J:\WINDOWS\system32\drivers\kcom.sys
2008-01-18 10:43 . 2008-01-18 10:43 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\PC Tools
2008-01-17 16:15 . 2008-01-17 16:15 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\Protexis Inc
2008-01-17 16:15 . 2008-01-17 16:15 <DIR> d-------- J:\Documents and Settings\All Users\Application Data\Protexis
2008-01-17 16:07 . 1995-05-05 11:50 14,025 --------- J:\WINDOWS\Twaincap.ini
2008-01-17 16:07 . 1997-06-11 09:02 5,526 --------- J:\WINDOWS\Twaincap.src
2008-01-17 16:06 . 2002-01-05 14:48 974,848 -r------- J:\WINDOWS\system32\MFC70.DLL
2008-01-17 16:06 . 2002-01-05 13:40 487,424 -r------- J:\WINDOWS\system32\MSVCP70.DLL
2008-01-17 16:06 . 2002-06-20 09:56 450,641 --------- J:\WINDOWS\system32\DiskIO.dll
2008-01-17 16:06 . 2002-01-05 13:37 344,064 -r------- J:\WINDOWS\system32\MSVCR70.DLL
2008-01-17 16:06 . 2002-07-23 15:47 80,904 --------- J:\WINDOWS\system32\drivers\U2SB.sys
2008-01-17 16:06 . 2002-07-23 11:46 49,152 --------- J:\WINDOWS\system32\PCLEGetGuid.dll
2008-01-17 16:06 . 2002-06-11 04:03 32,838 --------- J:\WINDOWS\system32\Cachex.dll
2008-01-17 16:06 . 2002-04-02 15:05 6,369 --a------ J:\WINDOWS\system32\drivers\pctvvbi.sys
2008-01-17 16:03 . 2008-01-17 16:03 <DIR> d-------- J:\WINDOWS\PCTV Bungee V1.50
2008-01-17 15:15 . 2008-01-17 15:15 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\InterVideo
2008-01-17 14:04 . 2008-01-17 16:06 <DIR> d-------- J:\Program Files\Pinnacle
2008-01-17 14:04 . 1998-11-02 20:57 196,096 --------- J:\WINDOWS\system32\Macd32.dll
2008-01-17 14:04 . 1998-11-02 20:57 138,752 --------- J:\WINDOWS\system32\Mase32.dll
2008-01-17 14:04 . 1998-11-02 20:57 136,192 --------- J:\WINDOWS\system32\Mamc32.dll
2008-01-17 14:04 . 1998-11-02 20:57 57,856 --------- J:\WINDOWS\system32\Masd32.dll
2008-01-17 14:04 . 1998-11-02 20:57 27,648 --------- J:\WINDOWS\system32\Ma32.dll
2008-01-16 18:54 . 2008-01-16 18:54 376 --a------ J:\WINDOWS\ODBC.INI
2008-01-16 18:51 . 2008-01-16 18:52 <DIR> d-------- J:\WINDOWS\SHELLNEW
2008-01-16 17:29 . 2008-01-16 17:29 <DIR> d-------- J:\Program Files\Ragdoll Masters
2008-01-15 18:17 . 2004-08-03 23:10 25,600 --a------ J:\WINDOWS\system32\drivers\hidbth.sys
2008-01-15 18:17 . 2004-08-03 23:10 25,600 --a--c--- J:\WINDOWS\system32\dllcache\hidbth.sys
2008-01-15 17:27 . 2004-08-03 23:10 274,304 --a------ J:\WINDOWS\system32\drivers\bthport.sys
2008-01-15 17:27 . 2004-08-03 23:10 274,304 --a--c--- J:\WINDOWS\system32\dllcache\bthport.sys
2008-01-15 17:27 . 2004-08-03 23:10 18,944 --a------ J:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-01-15 17:27 . 2004-08-03 23:10 18,944 --a--c--- J:\WINDOWS\system32\dllcache\bthusb.sys
2008-01-15 17:05 . 2008-02-05 21:27 54,156 --ah----- J:\WINDOWS\QTFont.qfn
2008-01-15 17:05 . 2008-01-15 17:05 1,409 --a------ J:\WINDOWS\QTFont.for
2008-01-15 17:04 . 2008-01-15 17:04 <DIR> d-------- J:\Program Files\iTunes
2008-01-15 17:04 . 2008-01-15 17:04 <DIR> d-------- J:\Program Files\iPod
2008-01-15 16:28 . 2008-01-15 16:28 <DIR> d-------- J:\Program Files\CCleaner
2008-01-14 20:44 . 2008-01-25 23:51 32 --a------ J:\WINDOWS\0
2008-01-14 20:44 . 2008-01-14 20:44 0 --a------ J:\WINDOWS\system32\0
2008-01-14 20:38 . 2008-01-25 23:07 <DIR> d-------- J:\Program Files\Parallel Port Joystick
2008-01-14 20:33 . 2008-01-25 23:07 <DIR> d-------- J:\Documents and Settings\Guitar Legend\Application Data\GetRightToGo
2008-01-14 20:19 . 2008-01-19 16:29 <DIR> d-------- J:\WINDOWS\system32\XPSViewer
2008-01-14 17:10 . 2008-02-03 11:41 <DIR> d-------- J:\Program Files\GlovePIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 02:02 31,458,592 --sha-w J:\WINDOWS\system32\drivers\fidbox.dat
2008-02-08 02:02 1,554,208 --sha-w J:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-08 00:51 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\uTorrent
2008-02-07 03:43 --------- d-----w J:\Program Files\Trillian
2008-02-06 05:24 --------- d-----w J:\Program Files\Spyware Doctor
2008-02-06 02:27 --------- d-----w J:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-06 02:26 421,112 --sha-w J:\WINDOWS\system32\drivers\fidbox.idx
2008-02-06 02:26 149,252 --sha-w J:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-06 01:41 --------- d-----w J:\Program Files\TechTracker
2008-02-06 01:41 --------- d-----w J:\Program Files\ReGet Software
2008-02-06 01:41 --------- d-----w J:\Program Files\CyberScrub Privacy Suite
2008-02-05 22:14 --------- d-----w J:\Program Files\NVIDIA Corporation
2008-02-03 03:22 --------- d-----w J:\Program Files\SystemRequirementsLab
2008-01-31 18:57 91,700 ----a-w J:\WINDOWS\system32\drivers\klin.dat
2008-01-27 23:58 --------- d-----w J:\Program Files\My Lockbox
2008-01-27 02:35 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\URSoft
2008-01-27 01:57 --------- d-----w J:\Program Files\Driver Magician
2008-01-25 23:49 --------- d-----w J:\Program Files\Java
2008-01-24 22:05 --------- d-----w J:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-01-23 22:08 --------- d-----w J:\Program Files\Xvid
2008-01-23 21:57 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\ReGet Software
2008-01-20 02:19 --------- d-----w J:\Program Files\RadarSync
2008-01-19 00:40 --------- d-----w J:\Program Files\Microsoft Games
2008-01-17 21:06 --------- d--h--w J:\Program Files\InstallShield Installation Information
2008-01-15 22:02 --------- d-----w J:\Program Files\QuickTime
2008-01-13 22:45 --------- d-----w J:\Program Files\Common Files\Adobe
2008-01-13 22:23 --------- d-----w J:\Program Files\Bonjour
2008-01-13 15:50 --------- d-----w J:\Program Files\MSECache
2008-01-10 18:36 --------- d-----w J:\Program Files\Common Files\ReGet Shared
2008-01-08 02:20 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\Apple Computer
2008-01-07 02:03 --------- d-----w J:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-01-07 01:24 572 ----a-w J:\WINDOWS\system32\drivers\sthdae.log
2008-01-07 01:13 --------- d-----w J:\Program Files\Microsoft IntelliPoint
2008-01-07 01:07 --------- d-----w J:\Program Files\SigmaTel
2008-01-06 23:39 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\CyberScrub
2008-01-06 22:58 --------- d-----w J:\Program Files\Microsoft Silverlight
2008-01-06 22:44 359,808 ----a-w J:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-01-06 03:07 --------- d-----w J:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-01-06 01:49 --------- d-----w J:\Program Files\Dell
2008-01-06 01:32 --------- d-----w J:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-01-06 01:20 23,600 ----a-w J:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-06 01:14 --------- d-----w J:\Program Files\AMD
2008-01-05 18:53 6,678,919 ----a-w J:\WINDOWS\system32\VIPv3_EXT.dll
2008-01-05 18:36 --------- d-----w J:\Program Files\IconTweaker
2008-01-05 18:36 --------- d-----w J:\Documents and Settings\All Users\Application Data\IconTweaker
2008-01-05 18:18 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\iolo
2008-01-05 17:46 --------- d-----w J:\Program Files\iolo
2008-01-05 17:46 --------- d-----w J:\Documents and Settings\LocalService\Application Data\iolo
2008-01-05 17:46 --------- d-----w J:\Documents and Settings\All Users\Application Data\iolo
2008-01-05 17:44 74,703 ----a-w J:\WINDOWS\system32\mfc45.dll
2008-01-05 17:29 --------- d-----w J:\Documents and Settings\All Users\Application Data\PCPitstop
2008-01-05 17:24 0 ---ha-w J:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-05 17:24 0 ---ha-w J:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-01-05 17:22 --------- d-----w J:\Program Files\ImgBurn
2008-01-05 17:22 --------- d-----w J:\Program Files\HP DeskJet 880C Series
2008-01-05 17:13 --------- d-----w J:\Program Files\CONEXANT
2008-01-05 16:47 --------- d-----w J:\Program Files\TuneUp Utilities 2008
2008-01-05 16:46 306,432 ----a-w J:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-05 16:45 --------- d-----w J:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-05 07:42 --------- d-----w J:\Program Files\ANI
2008-01-05 07:42 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\InstallShield
2008-01-05 06:28 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\Systweak
2008-01-05 06:28 --------- d-----w J:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 06:23 --------- d-----w J:\Documents and Settings\Guitar Legend\Application Data\TuneUp Software
2008-01-05 05:57 --------- d-----w J:\Program Files\Pivot Stickfigure Animator
2008-01-05 05:56 --------- d-----w J:\Program Files\PCPitstop
2008-01-05 05:56 --------- d-----w J:\Program Files\PC Wizard 2008
2008-01-05 05:56 --------- d-----w J:\Program Files\Orb Networks
2008-01-05 05:56 --------- d-----w J:\Program Files\MSXML 6.0
2008-01-05 05:56 --------- d-----w J:\Program Files\MSXML 4.0
2008-01-05 05:56 --------- d-----w J:\Program Files\MSBuild
2008-01-05 05:56 --------- d-----w J:\Program Files\Minilyrics
2008-01-05 05:56 --------- d-----w J:\Program Files\Microsoft.NET
2008-01-05 05:55 --------- d-----w J:\Program Files\LimeWire
2008-01-05 05:55 --------- d-----w J:\Program Files\Lemonade Tycoon 2
2008-01-05 05:55 --------- d-----w J:\Program Files\Lavasoft
2008-01-05 05:54 --------- d-----w J:\Program Files\Microsoft LifeCam
2008-01-05 05:52 --------- d-----w J:\Program Files\Microsoft IntelliType Pro
2008-01-05 05:50 --------- d-----w J:\Program Files\Microsoft ActiveSync
2008-01-05 05:47 --------- d-----w J:\Program Files\Infogrames Interactive
2008-01-05 05:44 --------- d-----w J:\Program Files\Google
2008-01-05 05:44 --------- d-----w J:\Program Files\Ghost Control
2008-01-05 05:44 --------- d-----w J:\Program Files\FrostWire
2008-01-05 05:44 --------- d-----w J:\Program Files\Driver-Soft
2008-01-05 05:44 --------- d-----w J:\Program Files\DivX
2008-01-05 05:44 --------- d-----w J:\Program Files\Dell Support Center
2008-01-05 05:44 --------- d-----w J:\Program Files\D-Link
2008-01-05 05:43 --------- d-----w J:\Program Files\DAEMON Tools
2008-01-05 05:39 --------- d-----w J:\Program Files\Common Files\InstallShield
2008-01-05 05:38 --------- d-sh--w J:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 05:38 --------- d-----w J:\Program Files\Common Files\xing shared
2008-01-05 05:38 --------- d-----w J:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 05:38 --------- d-----w J:\Program Files\Common Files\Synacast
2008-01-05 05:38 --------- d-----w J:\Program Files\Common Files\supportsoft
2008-01-05 05:38 --------- d-----w J:\Program Files\Common Files\Real
2008-01-05 05:38 --------- d-----w J:\Program Files\Common Files\Java
2008-01-05 05:38 --------- d-----w J:\Program Files\Broadcom
2008-01-05 05:37 --------- d-----w J:\Program Files\Diskeeper Corporation
2008-01-05 05:37 --------- d-----w J:\Program Files\dirLock
2008-01-05 05:37 --------- d-----w J:\Program Files\DIFX
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 18:17 196864]
"WhatPulse"="J:\Program Files\WhatPulse\WhatPulse.exe" [2006-08-21 12:48 665600]
"Uniblue SpeedUpMyPC"="J:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-29 09:46 9442584]
"ctfmon.exe"="J:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="J:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"D-Link Wireless G WUA-1340"="J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 19:25 1662976]
"ANIWZCS2Service"="J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 14:49 49152]
"Adobe Reader Speed Launcher"="J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 17:57 153136]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 J:\WINDOWS\system32\bthprops.cpl]
"iTunesHelper"="J:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SunJavaUpdateSched"="J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"AVP"="J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 15:51 218376]
"NvCplDaemon"="J:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 J:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="J:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

J:\Documents and Settings\Guitar Legend\Start Menu\Programs\Startup\
YouTube Uploader.lnk - J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 16:33:08 71152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= J:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= J:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 06:00 15360 J:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2004-10-13 11:24 1694208 J:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update]
--a------ 2006-09-08 18:54 23723 J:\WINDOWS\VIPv3\CheckForUpdates.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Startup Manager"="J:\Program Files\Advanced System Optimizer\startUp manager.exe"
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="J:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Google Update"="J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe"
"ctfmon.exe"=J:\WINDOWS\system32\ctfmon.exe
"WMPNSCFG"=J:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS11 Preload"=J:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"NBKeyScan"="J:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"QuickTime Task"="J:\Program Files\QuickTime\qttask.exe" -atboottime
"flockbox"=J:\Program Files\My Lockbox\flockbox.exe /a
"TkBellExe"="J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"TweakMASTER"="J:\PROGRA~1\TWEAKM~1\TMTray.exe"
"NvCplDaemon"=RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
"Vistadrv"=J:\WINDOWS\VIPv3\VIPhd\vsdrv.exe
"MSConfig"=J:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

R0 MPRIFL;MPRIFL;J:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 20:13]
R2 ioloFileInfoList;iolo FileInfoList Service;J:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 03:11]
R2 ioloSystemService;iolo System Service;J:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 03:11]
R2 UxTuneUp;TuneUp Theme Extension;J:\WINDOWS\System32\svchost.exe [2004-08-10 06:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;J:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 17:58]
R3 pctvvbi;PCTVVBI;J:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-02 15:05]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;J:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
R3 PPortJoystick;Parallel Port Joystick device driver;J:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
R3 usbprint;Microsoft USB PRINTER Class;J:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 02:01]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;J:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 n558;N558 Bluetooth USB Filter Driver;J:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 sonypvs1;Sony Digital Imaging Video2;J:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-16 01:41]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;J:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-05 11:46]
S3 U2SB;PCTV Bungee;J:\WINDOWS\system32\Drivers\U2SB.sys [2002-07-23 15:47]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11869704-d438-11dc-89ca-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc4ed3b8-baf1-11dc-885e-806d6172696f}]
\Shell\AutoRun\command - H:\autoRcd.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 23:13:30 J:\WINDOWS\Tasks\1-Click Maintenance.job"
- J:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-07 22:27:01 J:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- J:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-06 02:01:29 J:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- J:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-06 02:01:27 J:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- J:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 21:02:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 21:04:00
ComboFix-quarantined-files.txt 2008-02-08 02:03:41
.
2008-01-15 21:15:39 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:15 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
J:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
J:\WINDOWS\eHome\ehRecvr.exe
J:\WINDOWS\eHome\ehSched.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\iolo\common\lib\ioloServiceManager.exe
J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\ehome\mcrdsvc.exe
J:\Program Files\Windows Media Player\WMPNetwk.exe
J:\WINDOWS\ehome\ehtray.exe
J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
J:\Program Files\WhatPulse\WhatPulse.exe
J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
J:\WINDOWS\system32\dllhost.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\System32\alg.exe
J:\WINDOWS\eHome\ehmsas.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\QuickTime\QuickTimePlayer.exe
J:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\My Lockbox\flockbox.exe
J:\Program Files\GlovePIE\GlovePIE.exe
J:\Program Files\Trillian\trillian.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
J:\Program Files\iTunes\iTunes.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\WINDOWS\explorer.exe
J:\Documents and Settings\Guitar Legend\Desktop\Extra\HiJackThis.exe
J:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - J:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [ehTray] J:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WhatPulse] J:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] J:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YouTube Uploader.lnk = J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: Add to &LinkFox - res://J:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Add to Anti-Banner - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - J:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - J:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - J:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - J:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - J:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - J:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - J:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - J:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9896 bytes

#8 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 07 February 2008 - 09:16 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, let me know how your pc is running now.

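As an added example (not part of this thread, and not code from HijackThis or its posters): a small Python parser that reads HijackThis 2.0.2 log lines, flags entries whose file is gone (like the O9 entry fixed above) and lists what changed between the 7 Feb and 8 Feb logs posted here. The sample lines are copied from those two logs; the function names and the Entry type are my own.

```python
"""Parse HijackThis 2.0.2 log lines, flag orphaned entries, diff two logs.

Added example for this thread, not code from HijackThis or from the
posters. Sample lines are copied from the two HijackThis logs posted in
the thread (7 Feb 2008, before the fix, and 8 Feb 2008, after it).
"""
import re
from dataclasses import dataclass

# Every HijackThis finding starts with a section tag: R0/R1, F2, O2, O4, O9, ...
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# Markers HijackThis uses when the referenced file is absent from disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O9"
    body: str     # text after "O9 - "
    target: str   # last " - " field: a path, a URL or a missing-file marker


def parse_log(text):
    """Return the findings in a HijackThis log, skipping the header and the
    'Running processes' block, which are not 'Oxx - ' lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        target = body.rsplit(" - ", 1)[-1] if " - " in body else body
        entries.append(Entry(m.group("section"), body, target))
    return entries


def orphaned(entries):
    """Entries whose CLSID or service is still registered but whose file is
    gone. Usually leftovers of an uninstall rather than active malware, but
    they are dead weight and the kind of line a log reviewer asks to fix."""
    return [e for e in entries if e.target.endswith(MISSING_MARKERS)]


def diff_logs(before, after):
    """(removed, added) findings between two logs, keyed on section + body."""
    b = {(e.section, e.body) for e in parse_log(before)}
    a = {(e.section, e.body) for e in parse_log(after)}
    return sorted(b - a), sorted(a - b)


# Constructed excerpts; the lines themselves are verbatim from the thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
J:\WINDOWS\System32\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - J:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    for e in orphaned(parse_log(BEFORE)):
        print("fix:", e.section, "-", e.body)
    removed, added = diff_logs(BEFORE, AFTER)
    for sec, body in removed:
        print("-", sec, "-", body)
    for sec, body in added:
        print("+", sec, "-", body)
```

Running it against the two full logs in this thread shows the O9 "(no file)" entry and the PCPitstop Exam O16 entry gone, and the two SUPERAntiSpyware entries (O4 and O20 Winlogon Notify) added by the install.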

#9 Abyssal
  • Topic Starter
  • Members
  • 15 posts

Posted 07 February 2008 - 10:06 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2008 at 10:05 PM

Application Version : 3.9.1008

Core Rules Database Version : 3398
Trace Rules Database Version: 1390

Scan type : Complete Scan
Total Scan Time : 00:41:22

Memory items scanned : 630
Memory threats detected : 0
Registry items scanned : 6930
Registry threats detected : 0
File items scanned : 46394
File threats detected : 0

#10 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 08 February 2008 - 08:03 AM

Also post a new Hijackthis log, let me know how your pc is running now.

Please post the above, thanks.

#11 Abyssal
  • Topic Starter
  • Members
  • 15 posts

Posted 08 February 2008 - 04:32 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:45 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
J:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
J:\WINDOWS\eHome\ehRecvr.exe
J:\WINDOWS\eHome\ehSched.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\iolo\common\lib\ioloServiceManager.exe
J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
J:\WINDOWS\system32\nvsvc32.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\ehome\mcrdsvc.exe
J:\Program Files\Windows Media Player\WMPNetwk.exe
J:\WINDOWS\ehome\ehtray.exe
J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
J:\Program Files\WhatPulse\WhatPulse.exe
J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
J:\WINDOWS\system32\dllhost.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\System32\alg.exe
J:\WINDOWS\eHome\ehmsas.exe
J:\WINDOWS\system32\ctfmon.exe
J:\Program Files\QuickTime\QuickTimePlayer.exe
J:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
J:\WINDOWS\system32\svchost.exe
J:\Program Files\My Lockbox\flockbox.exe
J:\Program Files\GlovePIE\GlovePIE.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
J:\Program Files\iTunes\iTunes.exe
J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\WINDOWS\explorer.exe
J:\Program Files\Trillian\trillian.exe
J:\Documents and Settings\Guitar Legend\Desktop\Extra\HiJackThis.exe
J:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - J:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [ehTray] J:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] J:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] J:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "J:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] J:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "J:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [WhatPulse] J:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] J:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] J:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: YouTube Uploader.lnk = J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O8 - Extra context menu item: Add to &LinkFox - res://J:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Add to Anti-Banner - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - J:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - J:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - J:\Program Files\Common Files\ReGet Shared\Catcher.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - J:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - J:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - J:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - J:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - J:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - J:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - J:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - J:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - J:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - J:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - J:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9866 bytes



My computer seems to be running fine. Didn't notice anything wrong with it before.
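The helper's verdict on the log above comes from reading each O-line and asking the same few questions: who owns this service, where does this binary live, what gets injected into every process. As an added example that is not from this thread, from HijackThis or from BleepingComputer, here is a small Python parser that applies those questions to log lines of the format shown. The sample lines are copied from the log posted above; the triage rules (service with "Unknown owner", any AppInit_DLLs entry, ActiveX controls fetched over plain HTTP, auto-start binaries outside the Windows or Program Files trees) are assumed reviewer heuristics, not verdicts HijackThis itself produces, and the `Entry` dataclass and all function names are mine.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Sample input: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] J:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YouTube Uploader.lnk = J:\Documents and Settings\Guitar Legend\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: J:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - J:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - J:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - J:\WINDOWS\system32\nvsvc32.exe
"""

@dataclass
class Entry:
    section: str                 # HijackThis section code, e.g. "O23"
    kind: str                    # "Run", "Startup", "DPF", "AppInit_DLLs", "Winlogon Notify", "Service"
    name: str                    # value name, control name or service display name
    vendor: str                  # service owner as printed by HijackThis, "" when not given
    target: str                  # file path, command line or download URL
    flags: list = field(default_factory=list)

# Line formats, inferred from the lines themselves (assumption: other sections are ignored).
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^Startup: (.*?) = (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.*?) - (.*)$")
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")

# Directories where a reviewer normally expects auto-start binaries (assumed heuristic).
EXPECTED_ROOTS = ("\\windows\\", "\\program files\\", "\\progra~1\\")


def parse_line(line: str) -> Entry | None:
    """Turn one HijackThis line into an Entry; None for sections not handled here."""
    head, sep, body = line.partition(" - ")
    if not sep or not head.startswith("O"):
        return None
    section = head.strip()
    if section == "O4":
        if m := RUN_RE.match(body):
            return Entry(section, m.group(2), m.group(3), "", m.group(4))
        if m := STARTUP_RE.match(body):
            return Entry(section, "Startup", m.group(1), "", m.group(2))
    elif section == "O16" and (m := DPF_RE.match(body)):
        return Entry(section, "DPF", m.group(2), "", m.group(3))
    elif section == "O20":
        if m := APPINIT_RE.match(body):
            return Entry(section, "AppInit_DLLs", "AppInit_DLLs", "", m.group(1))
        if m := NOTIFY_RE.match(body):
            return Entry(section, "Winlogon Notify", m.group(1), "", m.group(2))
    elif section == "O23" and (m := SERVICE_RE.match(body)):
        return Entry(section, "Service", m.group(1), m.group(2), m.group(3))
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags using the assumed heuristics; HijackThis gives no such verdicts."""
    low = entry.target.lower()
    if entry.kind == "Service" and entry.vendor.lower() == "unknown owner":
        entry.flags.append("service has no recorded owner; verify the binary's publisher")
    if entry.kind == "AppInit_DLLs":
        # AppInit_DLLs are loaded into every process that loads user32.dll, so each one needs a known origin.
        entry.flags.append("AppInit_DLLs entry; confirm it belongs to an installed product")
    if entry.kind == "DPF" and low.startswith("http://"):
        entry.flags.append("ActiveX control fetched over plain HTTP")
    if ":\\" in low and not any(root in low for root in EXPECTED_ROOTS):
        entry.flags.append("binary runs from outside the Windows or Program Files trees")
    return entry


def review(log_text: str) -> list[Entry]:
    """Parse every recognised line of a log and run the triage rules over it."""
    entries = (parse_line(l) for l in log_text.strip().splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged(log_text: str) -> dict[str, list[str]]:
    """Map entry name -> flags, for entries that earned at least one flag."""
    return {e.name: e.flags for e in review(log_text) if e.flags}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, the parser flags the user-profile startup item, the plain-HTTP ActiveX download, the AppInit_DLLs entry and the service with no recorded owner; the flags are prompts to check the file's publisher and install path, which is exactly the judgement the helper applied before calling the log clean.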

#12 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 February 2008 - 06:14 PM

Your log is clean :thumbsup:, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

Hardening Windows Security - Part 1:
http://www.malwarehelp.org/Malware-Prevent...-Security1.html

Hardening Windows Security - Part 2:
http://www.malwarehelp.org/malware-prevent...-security2.html

#13 Abyssal

  • Topic Starter

  • Members
  • 15 posts

Posted 08 February 2008 - 08:05 PM

Ya I am usually safe when it comes to stuff like this, but sometimes I like to have a professional look at this kind of thing. I have Spyware Doctor, Kaspersky Security, Ad-Aware, Spy-Bot, and now SuperAntiSpyware to get rid of these. Thanks for your help. Fast responses also.

#14 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 February 2008 - 04:07 AM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



