Infection Also Affected My Hijackthis Logs?


9 replies to this topic

#1 elroy325 (Members, 51 posts)

Posted 20 February 2008 - 11:25 AM

I keep getting spyware called abetterinternet.aurora and virtumonde. I have updated and run Spybot in safe mode and fully booted up, but the problem keeps coming back. I have run Symantec AntiVirus (which comes up with nothing) in safe mode and when fully booted up.

I get tons of pop-ups, and then my Symantec Auto-Protect pops up and notifies me that:
it deleted downloader 10_swp[1] and win7cc.tmp. It also deleted downloader.misleadapp with a file name of gos7d7.tmp
it also quarantined win7d2.tmp

As soon as I reboot, everything starts happening again and I get similar notifications from Symantec. Another symptom is that my desktop icons disappear.

I downloaded the virtumonde removal tool from Symantec, but when I run it, it says virtumonde isn't on my computer. However, Spybot finds it and fixes it, only to have it return again.


I believe the infection I have is called msiconf.exe, but I'm not sure. As soon as I start to use IE, that's when everything freezes up, viruses get picked up by Symantec Auto-Protect and I have to reboot.

My HijackThis has also been affected. I'm able to do a scan, but when I try to save a log the program just closes.

Any help would be greatly appreciated. Thanks!


#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 20 February 2008 - 11:39 AM

Hello elroy325,

Welcome to Bleeping Computer :blink:

Try this: go look in your HijackThis folder and rename HijackThis.exe to something else, like popcorn.exe. Then try to run it and save a log. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 elroy325 (Topic Starter)

Posted 20 February 2008 - 12:09 PM

Hi tea, while I was waiting for a reply I just reinstalled HijackThis and am able to save a log. I also have found that as long as I don't open IE (I can still be on the internet through AOL) I don't freeze up or get pop-ups and downloaders/trojans.

Also, now that I rebooted, there's a red circle with an X in it in my tray and it's trying to link me to a web page to download spyware protection software.

Here's the log... thanks in advance!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:19 PM, on 2/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvpow.dll,startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37380.cab
O21 - SSODL: zip - {cc3d79c9-13c4-4f88-8a01-2324add6255c} - C:\WINDOWS\Installer\{cc3d79c9-13c4-4f88-8a01-2324add6255c}\zip.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8526 bytes
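The log above is the first of two HijackThis logs in this thread; the second is posted after the ComboFix run. An added example follows (written for this page, not HijackThis code and not anything the posters ran) that parses HijackThis v2 entry lines, triages the entry types worth a second look (O4 Run entries that load a DLL through rundll32, O21 SSODL entries, and entries whose target is "(no file)"), and diffs two scans so that entries removed or added between them stand out. The sample lines are a constructed subset copied from the two logs in the thread; in the first log the [MSDisp32] entry loads C:\WINDOWS\System32\drvpow.dll via rundll32, and that entry is absent from the second log while the ComboFix file listings still show the DLL on disk (created 2008-02-20 11:57). The triage rules are heuristics chosen for this example, not HijackThis's own classification.

```python
"""Parse HijackThis v2 log entries, triage them, and diff two scans.

Added example written for this thread; it is not HijackThis code and
not something the posters ran. The sample lines below are a constructed
subset copied from the two logs posted in the thread.
"""
import re

# Every HijackThis entry line looks like "O4 - ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# rundll32 <path>.dll,<export>  (case-insensitive, with or without .exe)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+\.dll)", re.IGNORECASE)

HJT_BEFORE = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvpow.dll,startup
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O21 - SSODL: zip - {cc3d79c9-13c4-4f88-8a01-2324add6255c} - C:\WINDOWS\Installer\{cc3d79c9-13c4-4f88-8a01-2324add6255c}\zip.dll
"""

HJT_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O21 - SSODL: zip - {cc3d79c9-13c4-4f88-8a01-2324add6255c} - C:\WINDOWS\Installer\{cc3d79c9-13c4-4f88-8a01-2324add6255c}\zip.dll
"""


def parse_entries(text):
    """Return [(section, body)] for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Return [(section, body, reason)] for entries that deserve a manual look.

    Heuristics (chosen for this example):
      * O4 Run entries that start rundll32 with a DLL: the DLL, not
        rundll32, is the code that runs, so it must be verified on disk.
      * O21 SSODL entries: the DLL is loaded into Explorer at logon.
      * Any entry whose target is "(no file)": an orphaned registration.
    """
    findings = []
    for section, body in parse_entries(text):
        if section == "O4":
            m = RUNDLL_RE.search(body)
            if m:
                findings.append((section, body,
                                 f"rundll32 loader, verify {m.group('dll')} on disk"))
        elif section == "O21":
            findings.append((section, body,
                             "SSODL entry: DLL loaded by Explorer at logon"))
        if body.endswith("(no file)"):
            findings.append((section, body, "orphaned entry, target missing"))
    return findings


def diff_logs(before, after):
    """Entries present in only one of two scans, as {'removed': [...], 'added': [...]}."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return {"removed": sorted(b - a), "added": sorted(a - b)}


if __name__ == "__main__":
    for section, body, reason in triage(HJT_BEFORE):
        print(f"[{section}] {reason}\n    {body}")
    delta = diff_logs(HJT_BEFORE, HJT_AFTER)
    for kind in ("removed", "added"):
        for section, body in delta[kind]:
            print(f"{kind:8s} {section} - {body}")
```

Run it on the full text of both logs (read from files instead of the inline samples) to get the complete before/after picture; the diff is what tells you that [MSDisp32] and [KernelFaultCheck] went away and that Spybot's SDHelper BHO appeared, without reading 120 lines twice.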

#4 elroy325 (Topic Starter)

Posted 20 February 2008 - 01:03 PM

PS: I just ran Spybot and Vario.antivirus is also listed along with the others I mentioned.

#5 teacup61 (Bleepin' Texan!, Malware Response Team)

Posted 20 February 2008 - 01:21 PM

Hello,

Yay! Glad you got it to work. :thumbsup:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#6 elroy325 (Topic Starter)

Posted 20 February 2008 - 02:00 PM

When ComboFix was running, my screen turned blue. I pressed the power button on my computer to reboot. ComboFix started generating a log as soon as it rebooted, without me touching anything. I don't know if the scan was interrupted. Should I do it again?

Here's the log:

ComboFix 08-02-20.2 - me 2008-02-20 13:36:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.291 [GMT -5:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\nnnmkhf.dll
C:\bold.log
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\RECYCLER\Super Mario RPG - Legend of the Seven Stars (U) [!].srm
C:\WINDOWS\System32\awtst.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ejbaihwq.ini
C:\WINDOWS\system32\fhvebyfy.dll
C:\WINDOWS\system32\gebaabb.dll
C:\WINDOWS\system32\igobrghr.dll
C:\WINDOWS\system32\iifgfff.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\nnnkkll.dll
C:\WINDOWS\system32\nnnmkhf.dll
C:\WINDOWS\system32\ohclkttf.dll
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pmnklmm.dll
C:\WINDOWS\system32\qwhiabje.dll
C:\WINDOWS\system32\rhgrbogi.ini
C:\WINDOWS\system32\rqrooop.dll
C:\WINDOWS\system32\slbibydn.dll
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\winawg32.dll
C:\WINDOWS\system32\xnipdjid.dll
C:\WINDOWS\system32\yayxywt.dll
C:\WINDOWS\system32\yfybevhf.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-20 11:57 . 2008-02-20 11:57 18,944 --a------ C:\WINDOWS\system32\drvpow.dll
2008-02-20 11:47 . 2008-02-20 11:47 1,598,023 --a------ C:\Program Files\ComboFix.exe
2008-02-20 11:40 . 2008-02-20 11:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 11:40 . 2008-02-20 11:40 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-02-19 18:56 . 2008-02-19 18:57 <DIR> d-------- C:\Program Files\Saunders Comprehensive NCLEX-RN Review 4e
2008-02-19 16:18 . 2008-02-19 16:18 168,592 --a------ C:\Program Files\FxVMonde.exe
2008-02-19 11:23 . 2008-02-19 11:22 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-19 11:23 . 2008-02-19 11:23 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-15 21:25 . 2008-02-15 21:25 24,064 --a------ C:\WINDOWS\system32\winkrg32.dll
2008-02-15 21:25 . 2008-02-15 21:25 24,064 --a------ C:\WINDOWS\system32\winipo32.dll
2008-02-11 17:00 . 2008-02-13 17:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-08 21:44 . 2008-02-18 12:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 21:44 . 2008-02-08 21:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 19:45 . 2000-05-21 19:00 1,009,336 --a------ C:\WINDOWS\system32\mschrt20.ocx
2008-01-28 19:45 . 1999-11-29 05:43 592,896 --a------ C:\WINDOWS\system32\Sfttreex.ocx
2008-01-28 19:45 . 1998-04-26 19:00 570,128 --a------ C:\WINDOWS\system32\Dao350.dll
2008-01-28 19:45 . 1998-08-31 10:32 204,907 --a------ C:\WINDOWS\system32\triedit.dll
2008-01-28 19:45 . 2000-05-08 10:34 204,800 --a------ C:\WINDOWS\system32\lwwotr03.ocx
2008-01-28 19:45 . 1999-05-06 19:00 198,640 --a------ C:\WINDOWS\system32\mci32.ocx
2008-01-28 19:45 . 1998-10-15 12:51 136,192 --a------ C:\WINDOWS\system32\DWSPY32.dll
2008-01-28 19:45 . 1998-10-02 13:13 114,688 --a------ C:\WINDOWS\system32\DWSHK32.ocx
2008-01-28 19:45 . 1998-06-17 19:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2008-01-28 19:44 . 2008-01-28 19:44 <DIR> d-------- C:\Program Files\LWW
2008-01-28 19:44 . 2001-01-08 14:07 237,568 --a------ C:\WINDOWS\system32\FXIMG50G.OCX
2008-01-28 19:44 . 1999-02-25 14:32 122,880 --a------ C:\WINDOWS\system32\FXTLS532.DLL



Here's the new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:43 PM, on 2/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37380.cab
O21 - SSODL: zip - {cc3d79c9-13c4-4f88-8a01-2324add6255c} - C:\WINDOWS\Installer\{cc3d79c9-13c4-4f88-8a01-2324add6255c}\zip.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8695 bytes
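Two things in the ComboFix "Other Deletions" list above are worth knowing how to spot on any machine. First, it removed cmd.com, netstat.com, ping.com, taskkill.com, tasklist.com and tracert.com from system32: cmd.exe resolves a bare command name by trying the PATHEXT extensions in order, and the default order puts .COM before .EXE, so a ping.com next to ping.exe is what runs when someone types "ping". Second, several of the deleted DLLs have an .ini beside them whose name is the DLL name spelled backwards (awtst.dll and tstwa.ini, qwhiabje.dll and ejbaihwq.ini, igobrghr.dll and rhgrbogi.ini, fhvebyfy.dll and yfybevhf.ini). The added example below (written for this page, not ComboFix code) implements both checks over a file listing. The listing is constructed: it takes the paths from the log and adds the stock system32 .exe files those .com files sit beside; the PATHEXT order is the Windows default and is assumed for the machine in the thread.

```python
"""Two checks over a Windows file listing: PATHEXT shadowing and
reversed-name .dll/.ini pairs. Added example for this thread; not
ComboFix code. The listing is constructed from the ComboFix
"Other Deletions" list plus the stock system32 executables.
"""
import ntpath
from collections import defaultdict

# Default PATHEXT order (assumption: the thread's machine used the
# default). cmd.exe tries these left to right when a command is typed
# without an extension, so "ping.com" beats "ping.exe" in the same dir.
PATHEXT = [".com", ".exe", ".bat", ".cmd", ".vbs", ".vbe",
           ".js", ".jse", ".wsf", ".wsh"]

# Constructed listing: paths from the ComboFix log above, plus the
# stock XP system32 executables that the .com files shadow.
LISTING = [
    r"C:\WINDOWS\system32\cmd.exe",      r"C:\WINDOWS\system32\cmd.com",
    r"C:\WINDOWS\system32\netstat.exe",  r"C:\WINDOWS\system32\netstat.com",
    r"C:\WINDOWS\system32\ping.exe",     r"C:\WINDOWS\system32\ping.com",
    r"C:\WINDOWS\system32\taskkill.exe", r"C:\WINDOWS\system32\taskkill.com",
    r"C:\WINDOWS\system32\tasklist.exe", r"C:\WINDOWS\system32\tasklist.com",
    r"C:\WINDOWS\system32\tracert.exe",  r"C:\WINDOWS\system32\tracert.com",
    r"C:\WINDOWS\system32\awtst.dll",    r"C:\WINDOWS\system32\tstwa.ini",
    r"C:\WINDOWS\system32\tstwa.ini2",
    r"C:\WINDOWS\system32\fhvebyfy.dll", r"C:\WINDOWS\system32\yfybevhf.ini",
    r"C:\WINDOWS\system32\igobrghr.dll", r"C:\WINDOWS\system32\rhgrbogi.ini",
    r"C:\WINDOWS\system32\qwhiabje.dll", r"C:\WINDOWS\system32\ejbaihwq.ini",
    r"C:\WINDOWS\system32\nnnmkhf.dll",  r"C:\WINDOWS\system32\msiconf.exe",
    r"C:\WINDOWS\system32\drvpow.dll",
]


def find_pathext_shadows(paths, pathext=PATHEXT):
    """Return sorted (winner, shadowed) pairs for same-directory files that
    share a stem and differ only by a PATHEXT extension. The winner is the
    file the shell would pick for the bare command name."""
    rank = {ext: i for i, ext in enumerate(pathext)}
    by_stem = defaultdict(list)
    for p in paths:
        directory, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        ext = ext.lower()
        if ext in rank:
            by_stem[(directory.lower(), stem.lower())].append((rank[ext], p))
    shadows = []
    for entries in by_stem.values():
        if len(entries) < 2:
            continue
        entries.sort()                 # lowest PATHEXT rank first
        winner = entries[0][1]
        shadows.extend((winner, loser) for _, loser in entries[1:])
    return sorted(shadows)


def find_reversed_ini_pairs(paths):
    """Return sorted (dll, ini) pairs where the .ini name is the .dll stem
    reversed, in the same directory (the pattern visible in the log)."""
    by_dir = defaultdict(dict)
    for p in paths:
        directory, name = ntpath.split(p)
        by_dir[directory.lower()][name.lower()] = p
    pairs = []
    for names in by_dir.values():
        for name, p in names.items():
            stem, ext = ntpath.splitext(name)
            if ext != ".dll":
                continue
            twin = stem[::-1] + ".ini"
            if twin in names:
                pairs.append((p, names[twin]))
    return sorted(pairs)


if __name__ == "__main__":
    for winner, loser in find_pathext_shadows(LISTING):
        print(f"shadow: {winner} runs instead of {loser}")
    for dll, ini in find_reversed_ini_pairs(LISTING):
        print(f"reversed pair: {dll} <-> {ini}")
```

To run this against a live directory, replace LISTING with the output of os.scandir over the folder; ntpath is used for the path splitting so the checks work on Windows-style paths from any host, which matters when the listing comes from a log rather than the infected machine itself.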

#7 elroy325 (Topic Starter)

Posted 20 February 2008 - 02:07 PM

Regarding the deletion of C:\WINDOWS\system32\media\AvidRender.wav:
AVID is my editing program. I don't know if this deletion will mess anything up. Can I restore this file?

#8 teacup61 (Bleepin' Texan!, Malware Response Team)

Posted 20 February 2008 - 05:45 PM

Hello,

Yes, you can. Restore it from the quarantine folder ComboFix created. Also, you didn't post the complete report. Could you do that please?

Thanks,
tea

#9 elroy325 (Topic Starter)

Posted 20 February 2008 - 07:34 PM

Hello. Since we last spoke I downloaded and ran VundoFix.exe, VirtumundoBeGone, and SDFix. Here now is the latest ComboFix report, done AFTER I ran all these programs. I am including a new HijackThis log as well. I removed the AVID file from the quarantine folder... where does it go, in the system32 folder?
Thanks so much!


ComboFix 08-02-20.2 - me 2008-02-20 19:47:10.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.539 [GMT -5:00]
Running from: C:\Program Files\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 18:55 . 2008-02-20 18:55 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-20 18:43 . 2008-02-20 19:05 <DIR> d-------- C:\SDFix
2008-02-20 16:20 . 2008-02-20 17:03 <DIR> d-------- C:\VundoFix Backups
2008-02-20 16:11 . 2008-02-20 16:11 132,608 --a------ C:\Program Files\VundoFix.exe
2008-02-20 11:57 . 2008-02-20 11:57 18,944 --a------ C:\WINDOWS\system32\drvpow.dll
2008-02-20 11:47 . 2008-02-20 11:47 1,598,023 --a------ C:\Program Files\ComboFix.exe
2008-02-20 11:40 . 2008-02-20 11:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 11:40 . 2008-02-20 11:40 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-02-19 18:56 . 2008-02-19 18:57 <DIR> d-------- C:\Program Files\Saunders Comprehensive NCLEX-RN Review 4e
2008-02-19 16:18 . 2008-02-19 16:18 168,592 --a------ C:\Program Files\FxVMonde.exe
2008-02-19 11:23 . 2008-02-19 11:22 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-19 11:23 . 2008-02-19 11:23 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-11 17:00 . 2008-02-13 17:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-08 21:44 . 2008-02-18 12:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 21:44 . 2008-02-08 21:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 19:45 . 2000-05-21 19:00 1,009,336 --a------ C:\WINDOWS\system32\mschrt20.ocx
2008-01-28 19:45 . 1999-11-29 05:43 592,896 --a------ C:\WINDOWS\system32\Sfttreex.ocx
2008-01-28 19:45 . 1998-04-26 19:00 570,128 --a------ C:\WINDOWS\system32\Dao350.dll
2008-01-28 19:45 . 1998-08-31 10:32 204,907 --a------ C:\WINDOWS\system32\triedit.dll
2008-01-28 19:45 . 2000-05-08 10:34 204,800 --a------ C:\WINDOWS\system32\lwwotr03.ocx
2008-01-28 19:45 . 1999-05-06 19:00 198,640 --a------ C:\WINDOWS\system32\mci32.ocx
2008-01-28 19:45 . 1998-10-15 12:51 136,192 --a------ C:\WINDOWS\system32\DWSPY32.dll
2008-01-28 19:45 . 1998-10-02 13:13 114,688 --a------ C:\WINDOWS\system32\DWSHK32.ocx
2008-01-28 19:45 . 1998-06-17 19:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2008-01-28 19:44 . 2008-01-28 19:44 <DIR> d-------- C:\Program Files\LWW
2008-01-28 19:44 . 2001-01-08 14:07 237,568 --a------ C:\WINDOWS\system32\FXIMG50G.OCX
2008-01-28 19:44 . 1999-02-25 14:32 122,880 --a------ C:\WINDOWS\system32\FXTLS532.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 00:07 --------- d-----w C:\Program Files\FinePixViewer
2008-02-21 00:07 --------- d-----w C:\Program Files\DivX
2008-02-21 00:01 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-21 00:00 65,631,416 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-20 23:23 242 ----a-w C:\Program Files\FxVMonde.log
2008-02-20 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 18:42 1,595,904 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-02-20 16:40 1,734 ----a-w C:\Program Files\HijackThis.lnk
2008-02-20 16:14 1,579,008 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-02-20 16:09 --------- d-----w C:\Program Files\backups
2008-02-19 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 19:46 --------- d-----w C:\Program Files\Common Files\Real
2008-02-19 18:47 --------- d-----w C:\Program Files\LimeWire
2008-02-19 02:33 --------- d-----w C:\Program Files\HistoryKill
2008-02-11 22:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 23:14 --------- d-----w C:\Program Files\Google
2008-01-13 01:33 --------- d-----w C:\Documents and Settings\me\Application Data\U3
2008-01-06 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-01-06 07:03 --------- d-----w C:\Documents and Settings\me\Application Data\GTek
2008-01-06 02:09 17,918,947 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_05_21_01_31_full.dmp.zip
2008-01-03 02:00 --------- d-----w C:\Documents and Settings\me\Application Data\LimeWire
2008-01-01 19:31 --------- d-----w C:\Program Files\ZoneAlarmSB
2007-12-25 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-30 22:09 3,380,048 ----a-w C:\Program Files\LimeWireWin.exe
2007-08-25 13:29 133,632 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2007-08-25 13:29 1,254,400 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2007-08-25 03:24 4,460,032 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-08-25 03:23 4,460,032 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2007-08-24 04:58 3,746,304 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-07-09 04:36 4,344,832 -c--a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-05-26 01:44 3,462,656 -c--a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-04-21 03:53 25,248 ----a-w C:\Documents and Settings\me\Application Data\GDIPFONTCACHEV1.DAT
2007-02-22 00:18 3,965,440 -c--a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-02-22 00:13 3,965,440 -c--a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2006-08-18 15:35 3,460,608 -c--a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2006-07-04 01:06 3,248,128 -c--a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2006-02-10 00:38 812,193 -c--a-w C:\Program Files\Christmas_Fun_Artwork_Installer_en.exe
2006-02-10 00:35 4,912,720 -c--a-w C:\Program Files\World_Traveler_Artwork_Installer_en.exe
2005-10-26 21:42 436,224 -c--a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2005-10-26 00:30 3,066,880 -c--a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2005-10-26 00:30 2,449,408 -c--a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2005-10-17 03:17 3,021,312 -c--a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2005-10-17 03:17 2,442,752 -c--a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2005-10-16 21:27 190,048 -c--a-w C:\Program Files\Morpheus.exe
2005-10-16 14:59 1,756,672 -c--a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2005-10-04 04:45 1,224,192 -c--a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2005-09-25 18:09 648,192 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2005-09-25 18:09 2,407,936 -c--a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2005-09-24 15:26 368,128 -c--a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2005-09-24 12:44 2,406,912 -c--a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2005-09-24 12:44 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2005-09-24 04:12 777,216 -c--a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2005-09-24 04:12 2,406,912 -c--a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2005-09-23 22:57 366,592 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2005-09-23 22:57 2,406,912 -c--a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2005-09-23 19:54 3,054,592 -c--a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2005-09-23 19:54 2,406,912 -c--a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2005-09-15 14:39 2,394,624 -c--a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2005-09-13 03:07 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2005-09-13 03:07 1,975,808 -c--a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2005-09-13 02:09 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2005-09-13 02:09 1,975,808 -c--a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2005-09-13 02:06 2,706,944 -c--a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2005-09-13 02:03 1,978,368 -c--a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2005-09-06 04:57 2,861,056 -c--a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2005-09-06 04:57 1,927,168 -c--a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2005-07-17 03:55 1,729,536 -c--a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2005-07-17 03:55 1,528,832 -c--a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2005-07-16 17:47 2,946,048 -c--a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2005-07-16 17:47 1,731,072 -c--a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2005-07-09 04:46 1,702,912 -c--a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2005-07-09 04:45 2,945,024 -c--a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-15 03:35 577,024 -c--a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2005-06-15 03:35 1,521,664 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2005-06-14 02:59 170,496 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2005-06-14 02:59 1,493,504 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2005-06-14 02:04 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2005-06-14 02:04 1,463,808 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2005-06-14 01:56 128,000 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2005-06-14 01:56 1,447,936 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2005-06-13 23:58 1,550,336 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2005-06-13 01:38 2,978,304 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2004-12-15 15:40 203,264 ----a-w C:\Program Files\HijackThis.exe
2003-09-12 19:18 12,760,064 -c--a-w C:\Program Files\BorisRED3 AE.aex
2003-03-11 03:10 23,725,470 -c--a-w C:\Program Files\Cleaner 5.2 Full(Autodesk-Discreet).exe
2002-07-26 22:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2007-06-30 16:14 1,786 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-01 14:31 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{8E718888-423F-11D2-876E-00A0C9082467}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-01 14:31 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 11:55 1871872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-23 18:14 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2007-09-22 09:52 212992]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2002-12-19 05:31 69632]
"HostManager"="C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe" [2007-09-22 09:51 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 16:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 18:49 125632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 06:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 11:18 77824]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 13:16 5058560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-03-13 17:00:17 294912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 00:17 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
--a------ 2003-05-21 21:11 245760 C:\Program Files\HistoryKill\histkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-09-22 09:51 45056 C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2005-04-18 11:16 73728 C:\Program Files\Logitech\Profiler\lwemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosGbWatcher]
--a------ 2005-04-26 02:02 118837 C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe

R0 Spssys;Toshiba SPS Service;C:\WINDOWS\System32\drivers\spssys.sys [2004-05-07 21:56]
R3 Msikbd2k;DellTouch;C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2000-10-03 14:18]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];C:\WINDOWS\System32\Drivers\VRDVC20X.SYS [2004-11-09 10:02]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [2004-10-15 11:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 21:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 02:17]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\System32\Drivers\BW2NDIS5.sys []
S3 PortlUSB;PortlUSB;C:\WINDOWS\System32\DRIVERS\SiriusUSB.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\System32\DRIVERS\scsiscan.sys [2001-08-17 13:53]
S4 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 12:41]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 14:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-06 22:37:59 C:\WINDOWS\Tasks\PDMarq Audio Recorder.job"
- C:\Documents and Settings\me\Desktop\PDMarq Audio Recorder.LNK
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 19:48:27
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 19:49:24
ComboFix-quarantined-files.txt 2008-02-21 00:49:14
ComboFix2.txt 2008-02-21 00:28:51
ComboFix3.txt 2008-02-20 22:57:20
ComboFix4.txt 2008-02-20 18:53:17


NEW HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:36 PM, on 2/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155845066\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37380.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8561 bytes

Edited by elroy325, 20 February 2008 - 07:53 PM.
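A helper reading a log like the one above scans first for a handful of patterns: an `O9` entry pointing at `(no file)`, an `O2` BHO with `(no name)`, an `O23` service with `Unknown owner`, and autoruns that live in temp paths or carry a `.tmp` extension (the kind of file Symantec kept deleting in the first post). The following Python script is an added example, not code from this thread, from HijackThis or from ComboFix: it parses HijackThis-style `O2`/`O3`/`O4`/`O9`/`O23` lines and returns the entries worth a second look. The sample lines are constructed, modelled on the log posted above; the `win7cc` Run entry is invented to exercise the temp-path check and is not something the posted log shows.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Entry:
    section: str                # O2, O3, O4, O9 or O23
    name: str                   # display name, "hive:value" for O4, service name for O23
    path: str                   # file HijackThis reports, or "(no file)"
    owner: str = ""             # O23 only: company string HijackThis took from version info
    flags: List[str] = field(default_factory=list)


# Line shapes as HijackThis 2.x prints them.
_RE_BHO_TB = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
_RE_RUN = re.compile(r"^(O4) - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
_RE_O9 = re.compile(r"^(O9) - Extra (?:button|'Tools' menuitem): (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
_RE_SVC = re.compile(r"^(O23) - Service: (.*?) - (.*?) - (.*)$")


def _exe_from_command(cmd: str) -> str:
    """Pull the executable out of a Run value: honour quotes, else stop at the first switch."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r"\s+[/-]", cmd, maxsplit=1)[0]


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = _RE_BHO_TB.match(line) or _RE_O9.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(3))
    m = _RE_RUN.match(line)
    if m:
        return Entry(m.group(1), f"{m.group(2)}:{m.group(3)}", _exe_from_command(m.group(4)))
    m = _RE_SVC.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(4), owner=m.group(3))
    return None                 # R0/O8/O16 and other sections are ignored here


def flag(entry: Entry) -> Entry:
    """Attach review flags. These are prompts to look closer, not verdicts."""
    p = entry.path.lower()
    if entry.path == "(no file)":
        entry.flags.append("missing_file")      # orphaned registration, often leftover malware
    if entry.name == "(no name)":
        entry.flags.append("unnamed")           # legit for Spybot's SDHelper.dll, suspicious otherwise
    if entry.section == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("unknown_owner")     # no company string in version info
    if p.endswith(".tmp") or "\\temp\\" in p:
        entry.flags.append("temp_path")         # autorun from a temp file is rarely legitimate
    return entry


def triage(log_text: str) -> List[Entry]:
    return [flag(e) for e in map(parse_line, log_text.splitlines()) if e is not None]


def suspicious(log_text: str) -> List[Entry]:
    return [e for e in triage(log_text) if e.flags]


# Constructed sample, modelled on the log in this thread; the win7cc line is invented.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [win7cc] C:\WINDOWS\system32\win7cc.tmp
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section:<4}{','.join(e.flags):<14}{e.name} -> {e.path}")
```

Run against the real log, the script would surface the `(no name)` BHO (Spybot's own SDHelper.dll, so benign), the two `(no file)` AOL Toolbar buttons and the `AvidStartup` service with an unknown owner; none of that is a verdict, only the short list a helper checks by hand before writing a fix.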


#10 teacup61 (Malware Response Team)

Posted 20 February 2008 - 08:50 PM

Are you getting help at another forum? :thumbsup: