Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Problems (spyware, Pop-ups Etc.)


  • This topic is locked This topic is locked
7 replies to this topic

#1 Malkyy

Malkyy

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 08 February 2008 - 05:15 PM

I'm pretty new to this side of computers & the internet. So recently my computer has been having pop-ups from Reditty when I click links and different popups from admedia365, HornyMatches AND more. Can you please help? Here's a HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:16, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\Malky\LOCALS~1\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [f8378b5f] rundll32.exe "C:\WINDOWS\system32\qnbojmqq.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201193171421
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201193161343
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\EnglishOtto\profsywu.html

--
End of file - 9269 bytes

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:07 PM

Posted 09 February 2008 - 03:28 PM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Malkyy

Malkyy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 February 2008 - 02:46 PM

COMBOFIX LOG -

ComboFix 08-02.05.3 - Malky 2008-02-10 19:35:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT 0:00]
Running from: C:\Documents and Settings\Malky\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\xxyvttu.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Malky\My Documents\SMANTE~1
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\tsks~1
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\EnglishOtto\profsywu.html
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acaceyug.dll
C:\WINDOWS\system32\axsntrjh.dll
C:\WINDOWS\system32\elsgibkh.ini
C:\WINDOWS\system32\feoguhng.dll
C:\WINDOWS\system32\fgerqchh.ini
C:\WINDOWS\system32\fnyefhrk.dll
C:\WINDOWS\system32\gnhugoef.ini
C:\WINDOWS\system32\guyecaca.ini
C:\WINDOWS\system32\hcscekau.ini
C:\WINDOWS\system32\hhcqregf.dll
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjrtnsxa.ini
C:\WINDOWS\system32\hkbigsle.dll
C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jmqutxol.dll
C:\WINDOWS\system32\jwdeolox.dll
C:\WINDOWS\system32\lgscbwqt.ini
C:\WINDOWS\system32\loxtuqmj.ini
C:\WINDOWS\system32\makgngaw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfmtrpcs.ini
C:\WINDOWS\system32\mmfikxwd.dll
C:\WINDOWS\system32\ougcwlqd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qlhylujt.dll
C:\WINDOWS\system32\qnbojmqq.dll
C:\WINDOWS\system32\qqmjobnq.ini
C:\WINDOWS\system32\scprtmfm.dll
C:\WINDOWS\system32\tqwbcsgl.dll
C:\WINDOWS\system32\trmrkaps.dll
C:\WINDOWS\system32\uakecsch.dll
C:\WINDOWS\system32\wagngkam.ini
C:\WINDOWS\system32\wfvogbox.dll
C:\WINDOWS\system32\wljdydbs.dll
C:\WINDOWS\system32\xobgovfw.ini
C:\WINDOWS\system32\xoloedwj.ini
C:\WINDOWS\system32\xtcgcdlx.ini
C:\WINDOWS\system32\xxyvttu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 19:35 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-10 19:28 . 2006-03-16 04:00 388,608 --a------ C:\kmd.exe
2008-02-10 13:24 . 2007-10-10 23:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 13:24 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 13:24 . 2007-07-01 03:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 13:24 . 2007-10-10 23:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 13:24 . 2007-10-10 23:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 13:24 . 2007-10-10 23:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 13:24 . 2007-10-10 23:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 13:24 . 2007-10-10 23:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 13:24 . 2007-10-10 10:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 13:22 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-10 12:49 . 2008-02-10 12:49 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Template
2008-02-10 12:49 . 2008-02-10 12:49 0 --a------ C:\Documents and Settings\Malky\Application Data\wklnhst.dat
2008-02-09 13:29 . 2008-02-09 14:01 2,094 --ahs---- C:\WINDOWS\system32\hmaokidd.ini
2008-02-09 00:36 . 2008-02-10 19:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 00:36 . 2008-02-09 00:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 23:47 . 2008-02-08 23:49 <DIR> d-------- C:\Program Files\Cheat Engine
2008-02-08 23:47 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-02-08 23:47 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-02-08 22:08 . 2008-02-08 22:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 17:59 . 2008-02-07 17:59 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Grisoft
2008-02-07 17:59 . 2008-02-07 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 17:59 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-07 15:41 . 2008-02-07 15:41 <DIR> d-------- C:\Program Files\Acesoft
2008-02-07 15:41 . 2007-01-23 00:43 277,504 --a------ C:\WINDOWS\system32\oestore.dll
2008-02-07 15:41 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TabCtl32.ocx
2008-02-06 17:41 . 2008-02-06 17:41 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\AdobeUM
2008-02-05 19:27 . 2008-02-05 19:27 90,688 --a------ C:\WINDOWS\system32\ivnuexgx.dll
2008-02-05 19:27 . 2008-02-07 19:20 1,434 --ahs---- C:\WINDOWS\system32\xgxeunvi.ini
2008-02-04 21:53 . 2008-02-08 20:06 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Lionhead Studios
2008-02-04 21:42 . 2008-02-04 21:42 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-03 15:46 . 2008-02-03 15:46 <DIR> d-------- C:\Program Files\Paint.NET
2008-02-03 15:03 . 2008-02-03 15:03 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-03 15:03 . 2008-02-03 15:03 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-03 15:03 . 2008-02-03 15:03 <DIR> d-------- C:\Program Files\MSBuild
2008-02-03 15:02 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-02-03 14:57 . 2008-02-03 14:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-31 16:22 . 2008-01-31 16:22 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-30 17:16 . 2008-01-30 17:16 <DIR> d-------- C:\Program Files\Winspy
2008-01-30 17:16 . 2001-04-10 00:04 7,380 --a------ C:\WINDOWS\system32\winspy.tlb
2008-01-30 15:42 . 2008-01-30 15:42 27,200 --a------ C:\WINDOWS\system32\vjyjdihe.dll
2008-01-29 22:24 . 2008-01-29 22:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 22:14 . 2008-01-29 22:14 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Qtrax1
2008-01-29 22:14 . 2008-01-29 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-01-29 22:13 . 2008-01-30 16:04 <DIR> d-------- C:\Program Files\Qtrax_20080125
2008-01-28 20:23 . 2008-01-28 20:23 <DIR> d-------- C:\Program Files\uTorrent
2008-01-28 20:23 . 2008-02-01 20:13 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\uTorrent
2008-01-28 20:03 . 2008-02-09 14:30 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Apple Computer
2008-01-28 20:02 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\iTunes
2008-01-28 20:02 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\iPod
2008-01-28 20:02 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 20:01 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\QuickTime
2008-01-28 20:01 . 2008-01-28 20:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-28 20:01 . 2008-01-28 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 20:00 . 2008-01-28 20:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 20:00 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-28 19:02 . 2008-01-28 19:02 <DIR> d-------- C:\Documents and Settings\Malky\Shared
2008-01-28 19:02 . 2008-01-28 19:02 <DIR> d-------- C:\Documents and Settings\Malky\Incomplete
2008-01-28 18:31 . 2008-02-08 22:05 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\FrostWire
2008-01-28 18:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 18:21 . 2008-02-08 18:42 <DIR> d-------- C:\Program Files\FrostWire
2008-01-28 17:46 . 2008-01-28 17:46 26,688 --a------ C:\WINDOWS\system32\umhxnatr.dll
2008-01-27 13:56 . 2008-01-27 13:56 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-01-27 13:56 . 2008-01-27 13:56 <DIR> d--hs---- C:\Documents and Settings\NetworkService\History
2008-01-26 09:04 . 2008-01-26 09:04 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\HP
2008-01-26 08:36 . 2008-01-26 08:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 08:31 . 2006-08-21 09:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-26 08:31 . 2006-08-21 09:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-26 08:31 . 2006-08-21 12:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-26 08:25 . 2008-01-26 08:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-25 23:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-25 23:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-25 23:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-25 23:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-25 23:15 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-25 23:08 . 2008-01-26 10:17 <DIR> d-------- C:\Documents and Settings\Malky\Contacts
2008-01-25 22:56 . 2008-01-28 20:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-25 22:51 . 2008-01-25 22:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-25 22:50 . 2008-01-25 22:56 <DIR> d-------- C:\Program Files\Windows Live
2008-01-25 22:50 . 2008-01-25 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-25 21:25 . 2007-07-09 13:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 21:24 . 2006-08-16 09:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-01-25 21:24 . 2006-08-16 11:58 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-01-25 21:19 . 2006-03-21 03:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-25 21:12 . 2006-12-07 04:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-01-25 17:48 . 2008-01-26 17:58 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-01-25 17:48 . 2008-01-25 17:48 <DIR> d-------- C:\Program Files\NCH Software
2008-01-25 17:48 . 2008-01-25 17:48 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Recordpad
2008-01-25 17:48 . 2008-01-26 17:57 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\NCH Swift Sound
2008-01-25 17:48 . 2008-01-25 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-01-25 17:13 . 2007-02-05 20:17 185,344 --------- C:\WINDOWS\system32\dllcache\upnphost.dll
2008-01-25 16:31 . 2008-02-04 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 15:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-25 15:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-25 15:41 . 2008-01-25 15:41 <DIR> d-------- C:\Program Files\DivX
2008-01-25 15:37 . 2008-01-25 15:38 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-25 15:37 . 2008-01-25 15:38 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 20:56 . 2008-02-07 18:15 <DIR> d--hs---- C:\WINDOWS\TWFsa3k
2008-01-24 20:56 . 2008-01-25 16:36 <DIR> d-------- C:\WINDOWS\system32\pie2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:37 --------- d-----w C:\Program Files\EnglishOtto
2008-02-10 19:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-08 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 18:27 --------- d-----w C:\Program Files\Java
2008-01-25 16:36 --------- d-----w C:\Program Files\ESPNMotion
2008-01-25 15:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-25 15:38 --------- d-----w C:\Program Files\Symantec
2008-01-25 15:38 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-24 17:35 --------- d-----w C:\Program Files\CONEXANT
2008-01-24 17:34 822,272 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-01-24 15:42 --------- d-----w C:\Program Files\Google
2008-01-23 03:04 --------- d-----w C:\Program Files\Windows Plus
2008-01-23 03:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 03:04 --------- d-----w C:\Program Files\Synaptics
2008-01-23 03:04 --------- d-----w C:\Program Files\Sonic
2008-01-23 03:03 --------- d-----w C:\Program Files\RGB
2008-01-23 03:03 --------- d-----w C:\Program Files\Microsoft Works
2008-01-23 03:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-23 03:02 --------- d-----w C:\Program Files\HP
2008-01-23 03:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-23 03:01 --------- d-----w C:\Program Files\GemMaster
2008-01-23 03:01 --------- d-----w C:\Program Files\DIGStream
2008-01-23 03:01 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\Java
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\HP
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-22 19:29 1,720 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_PRESARIO V6000 (RM484EA#ABU)_YN_0Pres_QCNF637043T_E432250032_46_I30B7_SQuanta_V65.28_BF.36M1_T070601_WXP2_L409_M959_J80_7AMD_8Turion 64 X2 Technology TL-50_91.61_#060901_N14E44311_(RM484EA#ABU)_XMOBILE.MRK
2008-01-22 19:20 --------- d-----w C:\Program Files\HPQ
2008-01-22 19:20 --------- d-----w C:\Program Files\Easy Internet Signup
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16C4CC4D-559A-40CA-927A-F59BD019E904}]
2008-01-30 15:42 27200 --a------ C:\WINDOWS\system32\vjyjdihe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3791C8CE-3D88-4511-9F4B-17AA3D4DAB3A}]
C:\Program Files\ESPNMotion\hokepoqex4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD5A804-AD20-4090-89F2-B0219278CE89}]
C:\Program Files\ESPNMotion\hokepoqex83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6CC3DFB-86D7-4AA4-138E-23659A2221A6}]
C:\Program Files\EnglishOtto\lavuj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-23 21:32 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2008-01-02 16:04 1343336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 05:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 08:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 08:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 08:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 14:27 52848]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 04:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 16:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 10:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-22 19:31:11 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2006-09-01 13:41:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 19:41:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????Z??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vjyjdihe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-02-10 19:43:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 19:43:23
.
2008-02-06 17:10:50 --- E O F ---


HJT LOG -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchfunds.com/myhomepage.asp?OrgID=4796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16C4CC4D-559A-40CA-927A-F59BD019E904} - C:\WINDOWS\system32\vjyjdihe.dll
O2 - BHO: (no name) - {3791C8CE-3D88-4511-9F4B-17AA3D4DAB3A} - C:\Program Files\ESPNMotion\hokepoqex4444.dll (file missing)
O2 - BHO: (no name) - {5AD5A804-AD20-4090-89F2-B0219278CE89} - C:\Program Files\ESPNMotion\hokepoqex83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: 0 - {F6CC3DFB-86D7-4AA4-138E-23659A2221A6} - C:\Program Files\EnglishOtto\lavuj.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201193171421
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201193161343
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11326 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:07 PM

Posted 10 February 2008 - 02:55 PM

Hi,

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\hmaokidd.ini
C:\WINDOWS\system32\ivnuexgx.dll
C:\WINDOWS\system32\xgxeunvi.ini
C:\WINDOWS\system32\vjyjdihe.dll
C:\WINDOWS\system32\umhxnatr.dll

Folder::
C:\WINDOWS\TWFsa3k
C:\WINDOWS\system32\pie2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16C4CC4D-559A-40CA-927A-F59BD019E904}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3791C8CE-3D88-4511-9F4B-17AA3D4DAB3A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AD5A804-AD20-4090-89F2-B0219278CE89}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6CC3DFB-86D7-4AA4-138E-23659A2221A6}]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Malkyy

Malkyy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:07 PM

Posted 10 February 2008 - 03:04 PM

COMBO FIX :-

ComboFix 08-02.05.3 - Malky 2008-02-10 20:00:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.516 [GMT 0:00]
Running from: C:\Documents and Settings\Malky\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Malky\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\hmaokidd.ini
C:\WINDOWS\system32\ivnuexgx.dll
C:\WINDOWS\system32\umhxnatr.dll
C:\WINDOWS\system32\vjyjdihe.dll
C:\WINDOWS\system32\xgxeunvi.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\hmaokidd.ini
C:\WINDOWS\system32\ivnuexgx.dll
C:\WINDOWS\system32\pie2
C:\WINDOWS\system32\umhxnatr.dll
C:\WINDOWS\system32\vjyjdihe.dll
C:\WINDOWS\system32\xgxeunvi.ini
C:\WINDOWS\TWFsa3k

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 19:35 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-10 13:24 . 2007-10-10 23:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-10 13:24 . 2007-07-01 03:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-10 13:24 . 2007-07-01 03:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-10 13:24 . 2007-10-10 23:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-10 13:24 . 2007-10-10 23:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-10 13:24 . 2007-10-10 23:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-10 13:24 . 2007-10-10 23:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-10 13:24 . 2007-10-10 23:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-10 13:24 . 2007-10-10 10:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-10 13:22 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-10 12:49 . 2008-02-10 12:49 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Template
2008-02-10 12:49 . 2008-02-10 12:49 0 --a------ C:\Documents and Settings\Malky\Application Data\wklnhst.dat
2008-02-09 00:36 . 2008-02-10 19:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 00:36 . 2008-02-09 00:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 23:47 . 2008-02-08 23:49 <DIR> d-------- C:\Program Files\Cheat Engine
2008-02-08 23:47 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-02-08 23:47 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-02-08 22:08 . 2008-02-08 22:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-07 17:59 . 2008-02-07 17:59 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Grisoft
2008-02-07 17:59 . 2008-02-07 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 17:59 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-07 15:41 . 2008-02-07 15:41 <DIR> d-------- C:\Program Files\Acesoft
2008-02-07 15:41 . 2007-01-23 00:43 277,504 --a------ C:\WINDOWS\system32\oestore.dll
2008-02-07 15:41 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\TabCtl32.ocx
2008-02-06 17:41 . 2008-02-06 17:41 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\AdobeUM
2008-02-04 21:53 . 2008-02-08 20:06 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Lionhead Studios
2008-02-04 21:42 . 2008-02-04 21:42 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-03 15:46 . 2008-02-03 15:46 <DIR> d-------- C:\Program Files\Paint.NET
2008-02-03 15:03 . 2008-02-03 15:03 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-03 15:03 . 2008-02-03 15:03 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-03 15:03 . 2008-02-03 15:03 <DIR> d-------- C:\Program Files\MSBuild
2008-02-03 15:02 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-02-03 14:57 . 2008-02-03 14:57 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-31 16:22 . 2008-01-31 16:22 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-30 17:16 . 2008-01-30 17:16 <DIR> d-------- C:\Program Files\Winspy
2008-01-30 17:16 . 2001-04-10 00:04 7,380 --a------ C:\WINDOWS\system32\winspy.tlb
2008-01-29 22:24 . 2008-01-29 22:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-29 22:14 . 2008-01-29 22:14 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Qtrax1
2008-01-29 22:14 . 2008-01-29 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-01-29 22:13 . 2008-01-30 16:04 <DIR> d-------- C:\Program Files\Qtrax_20080125
2008-01-28 20:23 . 2008-01-28 20:23 <DIR> d-------- C:\Program Files\uTorrent
2008-01-28 20:23 . 2008-02-01 20:13 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\uTorrent
2008-01-28 20:03 . 2008-02-09 14:30 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Apple Computer
2008-01-28 20:02 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\iTunes
2008-01-28 20:02 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\iPod
2008-01-28 20:02 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 20:01 . 2008-01-28 20:02 <DIR> d-------- C:\Program Files\QuickTime
2008-01-28 20:01 . 2008-01-28 20:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-28 20:01 . 2008-01-28 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 20:00 . 2008-01-28 20:00 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 20:00 . 2008-01-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-28 19:02 . 2008-01-28 19:02 <DIR> d-------- C:\Documents and Settings\Malky\Shared
2008-01-28 19:02 . 2008-01-28 19:02 <DIR> d-------- C:\Documents and Settings\Malky\Incomplete
2008-01-28 18:31 . 2008-02-08 22:05 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\FrostWire
2008-01-28 18:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 18:21 . 2008-02-08 18:42 <DIR> d-------- C:\Program Files\FrostWire
2008-01-27 13:56 . 2008-01-27 13:56 <DIR> d--hs---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-01-27 13:56 . 2008-01-27 13:56 <DIR> d--hs---- C:\Documents and Settings\NetworkService\History
2008-01-26 09:04 . 2008-01-26 09:04 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\HP
2008-01-26 08:36 . 2008-01-26 08:36 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-26 08:31 . 2006-08-21 09:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-26 08:31 . 2006-08-21 09:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-26 08:31 . 2006-08-21 12:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-26 08:25 . 2008-01-26 08:25 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-25 23:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-25 23:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-25 23:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-25 23:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-25 23:15 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-25 23:08 . 2008-01-26 10:17 <DIR> d-------- C:\Documents and Settings\Malky\Contacts
2008-01-25 22:56 . 2008-01-28 20:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-25 22:51 . 2008-01-25 22:55 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-25 22:50 . 2008-01-25 22:56 <DIR> d-------- C:\Program Files\Windows Live
2008-01-25 22:50 . 2008-01-25 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-25 21:25 . 2007-07-09 13:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-25 21:24 . 2006-08-16 09:37 225,664 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-01-25 21:24 . 2006-08-16 11:58 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-01-25 21:19 . 2006-03-21 03:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-25 21:12 . 2006-12-07 04:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-01-25 17:48 . 2008-01-26 17:58 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-01-25 17:48 . 2008-01-25 17:48 <DIR> d-------- C:\Program Files\NCH Software
2008-01-25 17:48 . 2008-01-25 17:48 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Recordpad
2008-01-25 17:48 . 2008-01-26 17:57 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\NCH Swift Sound
2008-01-25 17:48 . 2008-01-25 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-01-25 17:13 . 2007-02-05 20:17 185,344 --------- C:\WINDOWS\system32\dllcache\upnphost.dll
2008-01-25 16:31 . 2008-02-04 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 15:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-25 15:53 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-25 15:41 . 2008-01-25 15:41 <DIR> d-------- C:\Program Files\DivX
2008-01-25 15:37 . 2008-01-25 15:38 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-25 15:37 . 2008-01-25 15:38 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 20:56 . 2008-02-07 18:15 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-24 20:56 . 2008-01-25 16:36 <DIR> d-------- C:\WINDOWS\system32\ecw8
2008-01-24 20:56 . 2008-01-24 20:56 <DIR> d-------- C:\Temp\gTiis19
2008-01-24 20:56 . 2008-01-24 20:56 <DIR> d-------- C:\Temp\cXzz9
2008-01-24 20:56 . 2008-02-10 19:36 <DIR> d-------- C:\Temp
2008-01-24 20:51 . 2008-01-24 20:51 <DIR> d-------- C:\WINDOWS\Sun
2008-01-24 18:43 . 2008-01-24 18:43 <DIR> d-------- C:\Documents and Settings\Malky\Application Data\Atari
2008-01-24 18:30 . 2008-01-24 18:30 <DIR> d-------- C:\Program Files\Common Files\PocketSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 19:37 --------- d-----w C:\Program Files\EnglishOtto
2008-02-10 19:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-08 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 18:27 --------- d-----w C:\Program Files\Java
2008-01-25 16:36 --------- d-----w C:\Program Files\ESPNMotion
2008-01-25 15:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-25 15:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-25 15:38 --------- d-----w C:\Program Files\Symantec
2008-01-25 15:38 --------- d-----w C:\Program Files\Norton Internet Security
2008-01-24 17:35 --------- d-----w C:\Program Files\CONEXANT
2008-01-24 17:34 822,272 ----a-w C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-01-24 15:42 --------- d-----w C:\Program Files\Google
2008-01-23 03:04 --------- d-----w C:\Program Files\Windows Plus
2008-01-23 03:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-23 03:04 --------- d-----w C:\Program Files\Synaptics
2008-01-23 03:04 --------- d-----w C:\Program Files\Sonic
2008-01-23 03:03 --------- d-----w C:\Program Files\RGB
2008-01-23 03:03 --------- d-----w C:\Program Files\Microsoft Works
2008-01-23 03:02 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-23 03:02 --------- d-----w C:\Program Files\HP
2008-01-23 03:01 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-23 03:01 --------- d-----w C:\Program Files\GemMaster
2008-01-23 03:01 --------- d-----w C:\Program Files\DIGStream
2008-01-23 03:01 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\Java
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\HP
2008-01-23 03:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-23 02:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-22 19:29 1,720 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_PRESARIO V6000 (RM484EA#ABU)_YN_0Pres_QCNF637043T_E432250032_46_I30B7_SQuanta_V65.28_BF.36M1_T070601_WXP2_L409_M959_J80_7AMD_8Turion 64 X2 Technology TL-50_91.61_#060901_N14E44311_(RM484EA#ABU)_XMOBILE.MRK
2008-01-22 19:20 --------- d-----w C:\Program Files\HPQ
2008-01-22 19:20 --------- d-----w C:\Program Files\Easy Internet Signup
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-23 21:32 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2008-01-02 16:04 1343336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 05:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 08:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 08:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 08:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 14:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 14:27 52848]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52 643072]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 04:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 16:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 10:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-22 19:31:11 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2006-09-01 13:41:24 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 20:02:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????Z??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 20:02:28
ComboFix-quarantined-files.txt 2008-02-10 20:02:26
ComboFix2.txt 2008-02-10 19:43:28
.
2008-02-06 17:10:50 --- E O F ---


HJT Log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchfunds.com/myhomepage.asp?OrgID=4796
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201193171421
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201193161343
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10909 bytes

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:07 PM

Posted 10 February 2008 - 03:13 PM

Hi,

Navigate to and delete the following folders:

C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\ecw8
C:\Temp\gTiis19
C:\Temp\cXzz9

I see you have the page http://www.mysearchfunds.com/myhomepage.asp?OrgID=4796 set as your startpage. It uses the searchengine Ask.com there. I just want to make you aware of the fact that ask.com has a questionable reputation.
see this note: http://www.benedelman.org/spyware/installa...kjeeves-banner/

Your log looks ok again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:07 PM

Posted 17 February 2008 - 09:55 AM

Still with us?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:07 PM

Posted 21 February 2008 - 04:15 PM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users