
Google Errors



#1 Guest_UKRaidersfan_*


Posted 25 February 2008 - 03:24 PM

When I click on any links in Google it takes me to a random website. The thing that seems to keep redirecting me is fresh-weather.com. Anyway, here is my log. Please help; I've run all these programs all weekend and still don't know what is wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:21, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\MapEDC\MapEDC.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
G:\Codemasters Overlord Desktop Minion\desktop_minion.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsqq.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\ieicucc\services.exe
O2 - BHO: (no name) - {00B4209C-E375-9EDF-2820-C8CE199EB795} - C:\WINDOWS\system32\lziu.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {195EE07D-71E3-56B4-1458-71C785C5E026} - C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe (file missing)
O2 - BHO: (no name) - {29A71A84-DC44-8ABD-4336-AD38054D97CD} - C:\WINDOWS\System32\rklwhy.dll (file missing)
O2 - BHO: (no name) - {3EC6EEA9-761A-08B3-1B06-0A923D5A89C5} - C:\WINDOWS\system32\dgyoqlo.dll (file missing)
O2 - BHO: (no name) - {429D15DB-EC3D-52EC-4261-6A21411078EA} - C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe (file missing)
O2 - BHO: (no name) - {4C6D432F-DDC0-A536-997C-AD98CC66F3C9} - C:\WINDOWS\system32\cqwkjle.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {73993DB5-FFA4-4D3F-8800-67AEFCE948D5} - C:\WINDOWS\system32\mljgh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {818927B1-ED26-BADC-2652-9B5B215F65C4} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: (no name) - {818927B2-ED26-BADC-2650-E65B502165B4} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: (no name) - {838927C0-ED27-C8D8-2620-985B215B65C0} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: (no name) - {D5B61008-08C0-43D2-BF93-4176646F4BB2} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\qomlmmj.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\rqrpnmm.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SlowCreativeBurnBalm] C:\Documents and Settings\All Users\Application Data\noun poll slow creative\fivemeow.exe
O4 - HKLM\..\Run: [Bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\joy list.exe
O4 - HKLM\..\RunServices: [IE6] tsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Dupewave] C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1\viewbags.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Dupewave] C:\DOCUME~1\LOCALS~1\APPLIC~1\BENDBI~1\viewbags.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: desktop_minion932407689.lnk = G:\Codemasters Overlord Desktop Minion\desktop_minion.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins..._le26r74bd.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O20 - AppInit_DLLs: wucrtupd.dll c:\windows\system32\wucrtupd.dll c:\windows\system32\wucrtupd.dll
O20 - Winlogon Notify: qomlmmj - C:\WINDOWS\SYSTEM32\qomlmmj.dll
O20 - Winlogon Notify: rqrpnmm - rqrpnmm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11049 bytes



#2 miekiemoes

  • Malware Response Team

Posted 26 February 2008 - 08:53 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Guest_UKRaidersfan_*


Posted 26 February 2008 - 02:35 PM

First, here is my Malwarebytes log:
Malwarebytes' Anti-Malware 1.05
Database version: 408

Scan type: Quick Scan
Objects scanned: 37081
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 17

Memory Processes Infected:
c:\program files\MapEDC\MapEDC.exe (Trojan.Stars) -> Unloaded process successfully.
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73993db5-ffa4-4d3f-8800-67aefce948d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73993db5-ffa4-4d3f-8800-67aefce948d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomlmmj (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6607e676-1bde-4cb3-9913-4dc5ebcae35e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6607e676-1bde-4cb3-9913-4dc5ebcae35e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\javacore (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\saap (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Backdoor.Rustock) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MapEDC (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Insider) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d85530e8-d39d-49d0-9f36-300d594556d2} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljgh.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MapEDC (Adware.Maxifiles) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\MapEDC\MapEDC.exe (Trojan.Stars) -> Quarantined and deleted successfully.
c:\program files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mljgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgjlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgjlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qomlmmj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unifff.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\b153.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.exe.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MapEDC\IDE.stt (Adware.Maxifiles) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\b152.exe (Heuristic.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\conf.dat (Malware.Trace) -> Quarantined and deleted successfully.

#4 Guest_UKRaidersfan_*


Posted 26 February 2008 - 02:36 PM

And now the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:01, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsqq.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\ieicucc\services.exe
O2 - BHO: (no name) - {00B4209C-E375-9EDF-2820-C8CE199EB795} - C:\WINDOWS\system32\lziu.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {195EE07D-71E3-56B4-1458-71C785C5E026} - C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe (file missing)
O2 - BHO: (no name) - {29A71A84-DC44-8ABD-4336-AD38054D97CD} - C:\WINDOWS\System32\rklwhy.dll (file missing)
O2 - BHO: (no name) - {3EC6EEA9-761A-08B3-1B06-0A923D5A89C5} - C:\WINDOWS\system32\dgyoqlo.dll (file missing)
O2 - BHO: (no name) - {429D15DB-EC3D-52EC-4261-6A21411078EA} - C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe (file missing)
O2 - BHO: (no name) - {4C6D432F-DDC0-A536-997C-AD98CC66F3C9} - C:\WINDOWS\system32\cqwkjle.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {818927B1-ED26-BADC-2652-9B5B215F65C4} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: (no name) - {818927B2-ED26-BADC-2650-E65B502165B4} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: (no name) - {838927C0-ED27-C8D8-2620-985B215B65C0} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: (no name) - {D5B61008-08C0-43D2-BF93-4176646F4BB2} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\rqrpnmm.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SlowCreativeBurnBalm] C:\Documents and Settings\All Users\Application Data\noun poll slow creative\fivemeow.exe
O4 - HKLM\..\Run: [Bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\joy list.exe
O4 - HKLM\..\RunServices: [IE6] tsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Dupewave] C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1\viewbags.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Dupewave] C:\DOCUME~1\LOCALS~1\APPLIC~1\BENDBI~1\viewbags.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: desktop_minion932407689.lnk = G:\Codemasters Overlord Desktop Minion\desktop_minion.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins..._le26r74bd.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O20 - AppInit_DLLs: wucrtupd.dll c:\windows\system32\wucrtupd.dll c:\windows\system32\wucrtupd.dll
O20 - Winlogon Notify: rqrpnmm - rqrpnmm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10348 bytes

#5 Guest_UKRaidersfan_*


Posted 26 February 2008 - 02:38 PM

Well, thanks for your help. This seems to have fixed it, but if you see anything wrong please notify me. Once again, thank you.

#6 miekiemoes

  • Malware Response Team

Posted 26 February 2008 - 03:17 PM

Hi,

It's not fixed yet though... there's still a lot of malware present here, so please do the following next:

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#7 Guest_UKRaidersfan_*


Posted 26 February 2008 - 04:57 PM

ComboFix log:
ComboFix 08-02-25.3 - Liam 2008-02-26 21:37:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.113 [GMT 0:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Lisa\Application Data\ASKS~1
C:\Documents and Settings\Lisa\Application Data\CROSOF~1
C:\Documents and Settings\Lisa\Application Data\CROSOF~1.NET
C:\Documents and Settings\Lisa\Application Data\DOBE~1
C:\Documents and Settings\Lisa\Application Data\ICROSO~1
C:\Documents and Settings\Lisa\Application Data\RACLE~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\ecurit~1
C:\Program Files\fnts~1
C:\Program Files\mantec~1
C:\Program Files\ppatch~1
C:\Program Files\sstem3~1
C:\Program Files\wnsxs~1
C:\Program Files\ymante~1
C:\Program Files\ystem3~1
C:\Temp\bkR11
C:\Temp\isgTi19
C:\WINDOWS\crosof~1
C:\WINDOWS\dobe~1
C:\WINDOWS\icroso~1.net
C:\WINDOWS\msettings.ini
C:\WINDOWS\racle~1
C:\WINDOWS\sks~1
C:\WINDOWS\smante~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\L6954.tmp.exe
C:\WINDOWS\system32\lgngjuyl.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\tcehqjes.dll
C:\WINDOWS\system32\vtusspo.dll
C:\WINDOWS\system32\wnsintit.exe
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ystem3~1

----- BITS: Possible infected sites -----

hxxp://download.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSUPDATE


((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-26 19:22 . 2008-02-26 19:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 19:22 . 2008-02-26 19:22 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-02-26 19:22 . 2008-02-26 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-26 19:21 . 2008-02-26 19:21 1,366,048 --a------ C:\Program Files\mbam-setup.exe
2008-02-24 16:47 . 2008-02-24 16:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-24 16:47 . 2008-02-24 16:47 2,540 --a------ C:\WINDOWS\unins000.dat
2008-02-24 10:36 . 2008-02-24 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 10:33 . 2008-02-24 10:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 10:32 . 2008-02-24 10:33 21,364,592 --a------ C:\Program Files\aaw2007.exe
2008-02-24 00:37 . 2008-02-24 14:48 <DIR> d-------- C:\VundoFix Backups
2008-02-24 00:16 . 2008-02-24 00:21 <DIR> d-------- C:\fixwareout
2008-02-24 00:16 . 2008-02-24 00:16 486,449 --a------ C:\Program Files\Fixwareout.exe
2008-02-24 00:04 . 2008-02-24 00:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 00:03 . 2008-02-24 00:04 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-02-22 19:17 . 2008-02-23 21:26 70,879 --a------ C:\WINDOWS\BMb7a7ea57.xml
2008-02-22 19:16 . 2008-02-23 22:22 22 --a------ C:\WINDOWS\pskt.ini
2008-02-20 22:17 . 2008-02-20 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-20 22:12 . 2008-02-20 22:12 <DIR> d-------- C:\Program Files\Bonjour
2008-02-20 22:05 . 2008-02-20 22:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-13 19:21 . 2008-02-13 19:21 5,785 --a------ C:\Documents and Settings\Liam\957123845.exe
2008-02-13 19:21 . 2008-02-13 19:21 5,785 --a------ C:\Documents and Settings\Liam\957123844.exe
2008-02-13 19:21 . 2008-02-13 19:21 5,785 --a------ C:\Documents and Settings\Liam\286.exe
2008-02-12 19:37 . 2008-02-12 19:37 21,746,305 --a------ C:\Program Files\halozero.zip
2008-02-01 17:28 . 2008-02-01 17:28 <DIR> d-------- C:\Temp\cXzz9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 16:59 103,980 ----a-w C:\Program Files\msxbox-world.htm
2008-02-24 10:36 --------- d-----w C:\Program Files\Lavasoft
2008-02-24 00:14 44,389 ----a-w C:\Program Files\611543-fresh-weather-hijack.htm
2008-02-23 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-02-22 19:51 --------- d-----w C:\Documents and Settings\Liam\Application Data\AdobeUM
2008-02-20 22:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 23:13 --------- d-----w C:\Program Files\D-Tools
2008-02-02 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-20 14:58 18,207,736 ----a-w C:\Program Files\VeohSetup-3.8.0.1051.exe
2008-01-20 14:26 --------- d-----w C:\Program Files\DivX
2008-01-20 14:21 2,384,591 ----a-w C:\Program Files\ac3filter_1_46.exe
2008-01-20 14:21 --------- d-----w C:\Program Files\AC3Filter
2008-01-17 22:24 --------- d-----w C:\Documents and Settings\Guest\Application Data\DivX
2008-01-10 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-06 21:03 --------- d-----w C:\Program Files\QuickTime
2008-01-06 21:03 --------- d-----w C:\Program Files\iTunes
2006-10-16 18:32 24,200 -c--a-w C:\Documents and Settings\Liam\Application Data\GDIPFONTCACHEV1.DAT
2006-08-27 22:15 24,200 ----a-w C:\Documents and Settings\Lisa\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

21314f610bf3664fec05fc682e7cb354 C:\WINDOWS\system32\drivers\tcpip.sys
-c----w 332,928 2002-08-29 01:58:12 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
----a-w 359,040 2004-08-04 06:14:40 C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
----a-w 359,040 2007-06-08 19:48:40 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00B4209C-E375-9EDF-2820-C8CE199EB795}]
C:\WINDOWS\system32\lziu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{195EE07D-71E3-56B4-1458-71C785C5E026}]
C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29A71A84-DC44-8ABD-4336-AD38054D97CD}]
C:\WINDOWS\System32\rklwhy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC6EEA9-761A-08B3-1B06-0A923D5A89C5}]
C:\WINDOWS\system32\dgyoqlo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{429D15DB-EC3D-52EC-4261-6A21411078EA}]
C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6D432F-DDC0-A536-997C-AD98CC66F3C9}]
C:\WINDOWS\system32\cqwkjle.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{818927B1-ED26-BADC-2652-9B5B215F65C4}]
2006-12-11 13:39 56320 --a------ C:\WINDOWS\system32\hsxc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{818927B2-ED26-BADC-2650-E65B502165B4}]
2006-12-11 13:39 56320 --a------ C:\WINDOWS\system32\hsxc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{838927C0-ED27-C8D8-2620-985B215B65C0}]
2006-12-11 13:39 56320 --a------ C:\WINDOWS\system32\hsxc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5B61008-08C0-43D2-BF93-4176646F4BB2}]
C:\WINDOWS\system32\vtsqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Steam"="g:\games\valve\steam\steam.exe" [ ]
"Dupewave"="C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1\viewbags.exe" [ ]
"services"="" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-01-10 14:04 315392 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
"SlowCreativeBurnBalm"="C:\Documents and Settings\All Users\Application Data\noun poll slow creative\fivemeow.exe" [ ]
"Bat Wave Base Dale"="C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\joy list.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"IE6"="tsass.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 09:02 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-03 23:56 15360]
"Dupewave"="C:\DOCUME~1\LOCALS~1\APPLIC~1\BENDBI~1\viewbags.exe" [2005-07-31 21:31 219978]

C:\Documents and Settings\Lisa\Start Menu\Programs\Startup\
desktop_minion932407689.lnk - G:\Codemasters Overlord Desktop Minion\desktop_minion.exe [2007-06-27 20:08:15 1177004]

C:\Documents and Settings\Liam\Start Menu\Programs\Startup\
desktop_minion932407689.lnk - G:\Codemasters Overlord Desktop Minion\desktop_minion.exe [2007-06-27 20:08:15 1177004]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-11-22 15:32:31 169472]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-07-23 19:10:48 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrpnmm]
rqrpnmm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockChecker]
C:\Program Files\Block Checker\block-checker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dupewave]
C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1\viewbags.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mess error rule regs]
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\else bore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
-ra------ 2002-11-13 07:34 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwbejcv]
C:\WINDOWS\pwbejcv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowCreativeBurnBalm]
C:\Documents and Settings\All Users\Application Data\noun poll slow creative\else bait.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\valve\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yoz]
--a------ 2001-08-23 12:00 10368 C:\WINDOWS\System32\w?wexec.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"G:\\Games\\Warcraft III\\Warcraft III.exe"=
"G:\\Games\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"G:\\Warcraft III\\Warcraft III.exe"=
"G:\\Rome total war\\RomeTW.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\patchget.dat"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft hosting
"4000:TCP"= 4000:TCP:Warcraft hosting 2
"6113:TCP"= 6113:TCP:Warcraft hosting 3
"6114:TCP"= 6114:TCP:Warcraft hosting 4
"6115:TCP"= 6115:TCP:Warcraft hosting 5
"6116:TCP"= 6116:TCP:Warcraft hosting 6
"6117:TCP"= 6117:TCP:Warcraft hosting 7
"6118:TCP"= 6118:TCP:Warcraft hosting 8
"6119:TCP"= 6119:TCP:Warcraft hosting 9

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S3 bDMusicb;bDMusicb;C:\DOCUME~1\Liam\LOCALS~1\Temp\bDMusicb.sys []
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2002-11-08 09:50]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 08:10]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\A2A01FD090CB9C4C.job"
- c:\docume~1\locals~1\applic~1\bendbi~1\Mpegtitleactive.exe
"2008-02-24 00:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2007-12-06 04:00:00 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2007-12-06 06:00:00 C:\WINDOWS\Tasks\At103.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At104.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2007-11-07 08:00:01 C:\WINDOWS\Tasks\At105.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At106.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At107.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 11:00:03 C:\WINDOWS\Tasks\At108.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 12:00:01 C:\WINDOWS\Tasks\At109.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-24 13:00:01 C:\WINDOWS\Tasks\At110.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 14:00:01 C:\WINDOWS\Tasks\At111.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 15:00:01 C:\WINDOWS\Tasks\At112.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 16:00:02 C:\WINDOWS\Tasks\At113.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-25 17:00:00 C:\WINDOWS\Tasks\At114.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-25 18:00:00 C:\WINDOWS\Tasks\At115.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-25 19:00:00 C:\WINDOWS\Tasks\At116.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-26 20:00:00 C:\WINDOWS\Tasks\At117.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At118.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-23 22:00:01 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 11:00:03 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-23 23:00:02 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-02-24 00:00:00 C:\WINDOWS\Tasks\At121.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-01-20 01:00:00 C:\WINDOWS\Tasks\At122.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-12-06 02:00:00 C:\WINDOWS\Tasks\At123.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\At124.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-12-06 04:00:00 C:\WINDOWS\Tasks\At125.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\At126.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-12-06 06:00:00 C:\WINDOWS\Tasks\At127.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At128.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2007-11-07 08:00:01 C:\WINDOWS\Tasks\At129.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 12:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At130.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At131.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 11:00:03 C:\WINDOWS\Tasks\At132.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 12:00:01 C:\WINDOWS\Tasks\At133.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 13:00:02 C:\WINDOWS\Tasks\At134.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 14:00:01 C:\WINDOWS\Tasks\At135.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 15:00:01 C:\WINDOWS\Tasks\At136.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 16:00:02 C:\WINDOWS\Tasks\At137.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-25 17:00:01 C:\WINDOWS\Tasks\At138.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-25 18:00:00 C:\WINDOWS\Tasks\At139.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 13:00:02 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-25 19:00:00 C:\WINDOWS\Tasks\At140.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-26 20:00:00 C:\WINDOWS\Tasks\At141.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At142.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-23 22:00:01 C:\WINDOWS\Tasks\At143.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-23 23:00:02 C:\WINDOWS\Tasks\At144.job"
- C:\WINDOWS\system32\K7vb8aA1.exe
"2008-02-24 14:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-24 15:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-24 16:00:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-25 17:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-25 18:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-01-20 01:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-25 19:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-26 20:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-23 22:00:01 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-23 23:00:03 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-24 00:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-01-20 01:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 02:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 04:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 02:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 06:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-11-07 08:00:01 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-24 11:00:03 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-24 12:00:01 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-24 13:00:02 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-24 14:00:01 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-24 15:00:01 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-24 16:00:02 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-25 17:00:01 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-25 18:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-25 19:00:01 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-26 20:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-23 22:00:02 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-23 23:00:03 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\5r7DH2Qr.exe
"2008-02-24 00:00:00 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 04:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-01-20 01:00:00 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 02:00:00 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 04:00:00 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 06:00:00 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-11-07 08:00:02 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-24 11:00:03 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-24 12:00:02 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-24 13:00:02 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-24 14:00:01 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-24 15:00:01 C:\WINDOWS\Tasks\At64.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-24 16:00:02 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-25 17:00:01 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-25 18:00:00 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-25 19:00:01 C:\WINDOWS\Tasks\At68.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-26 20:00:00 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2007-12-06 06:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-23 22:00:02 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-23 23:00:03 C:\WINDOWS\Tasks\At72.job"
- C:\WINDOWS\system32\E67VXykI.exe
"2008-02-24 00:00:00 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-01-20 01:00:00 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-12-06 02:00:00 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-12-06 03:00:00 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-12-06 04:00:00 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-12-06 06:00:00 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At80.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-11-07 08:00:02 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-16 09:00:00 C:\WINDOWS\Tasks\At82.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-16 10:00:00 C:\WINDOWS\Tasks\At83.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 11:00:03 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 12:00:02 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 13:00:02 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 14:00:03 C:\WINDOWS\Tasks\At87.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 15:00:01 C:\WINDOWS\Tasks\At88.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 16:00:02 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2007-11-07 08:00:02 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\4HUk5yxL.exe
"2008-02-25 17:00:01 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-25 18:00:00 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-25 19:00:01 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-26 20:00:00 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-26 21:00:00 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-23 22:00:02 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-23 23:00:04 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\BPwT121n.exe
"2008-02-24 00:00:00 C:\WINDOWS\Tasks\At97.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2008-01-20 01:00:00 C:\WINDOWS\Tasks\At98.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
"2007-12-06 02:00:00 C:\WINDOWS\Tasks\At99.job"
- C:\WINDOWS\system32\i4Ow80f0.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 21:47:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-26 21:51:41 - machine was rebooted [Liam]
ComboFix-quarantined-files.txt 2008-02-26 21:51:38





Oops, forgot the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:53, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
O2 - BHO: (no name) - {00B4209C-E375-9EDF-2820-C8CE199EB795} - C:\WINDOWS\system32\lziu.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {195EE07D-71E3-56B4-1458-71C785C5E026} - C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe (file missing)
O2 - BHO: (no name) - {29A71A84-DC44-8ABD-4336-AD38054D97CD} - C:\WINDOWS\System32\rklwhy.dll (file missing)
O2 - BHO: (no name) - {3EC6EEA9-761A-08B3-1B06-0A923D5A89C5} - C:\WINDOWS\system32\dgyoqlo.dll (file missing)
O2 - BHO: (no name) - {429D15DB-EC3D-52EC-4261-6A21411078EA} - C:\DOCUME~1\Liam\APPLIC~1\FASTDE~1\user one.exe (file missing)
O2 - BHO: (no name) - {4C6D432F-DDC0-A536-997C-AD98CC66F3C9} - C:\WINDOWS\system32\cqwkjle.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {818927B1-ED26-BADC-2652-9B5B215F65C4} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: (no name) - {818927B2-ED26-BADC-2650-E65B502165B4} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: (no name) - {838927C0-ED27-C8D8-2620-985B215B65C0} - C:\WINDOWS\system32\hsxc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: (no name) - {D5B61008-08C0-43D2-BF93-4176646F4BB2} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SlowCreativeBurnBalm] C:\Documents and Settings\All Users\Application Data\noun poll slow creative\fivemeow.exe
O4 - HKLM\..\Run: [Bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\joy list.exe
O4 - HKLM\..\RunServices: [IE6] tsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Dupewave] C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1\viewbags.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Dupewave] C:\DOCUME~1\LOCALS~1\APPLIC~1\BENDBI~1\viewbags.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: desktop_minion932407689.lnk = G:\Codemasters Overlord Desktop Minion\desktop_minion.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins..._le26r74bd.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O20 - Winlogon Notify: rqrpnmm - rqrpnmm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 9699 bytes

Edited by UKRaidersfan, 26 February 2008 - 05:06 PM.


#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 26 February 2008 - 05:27 PM

Hi,

From what I see, you have already been dealing with popups for ages! Why did you wait so long? :thumbsup:

Anyway, please do the following next.

Download the following attachment, CFScript.txt: [attachment=4048:CFScript.txt]
ABOVE SCRIPT is for this person only!!!

Place it on your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply, together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Guest_UKRaidersfan_*

Guest_UKRaidersfan_*

  • Guests

Posted 27 February 2008 - 02:38 PM

Well, I did have a lot of pop-ups, but I thought that was normal. My training as a computer technician must be going well then :thumbsup: Well, anyway, here's the new ComboFix log:

ComboFix 08-02-25.3 - Liam 2008-02-27 19:23:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT 0:00]
Running from: C:\Documents and Settings\Liam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Liam\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Liam\286.exe
C:\Documents and Settings\Liam\957123844.exe
C:\Documents and Settings\Liam\957123845.exe
C:\Documents and Settings\Liam\Start Menu\Programs\Startup\services.lnk
C:\Program Files\611543-fresh-weather-hijack.htm
C:\WINDOWS\BMb7a7ea57.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\4HUk5yxL.exe
C:\WINDOWS\system32\5r7DH2Qr.exe
C:\WINDOWS\system32\BPwT121n.exe
C:\WINDOWS\system32\E67VXykI.exe
C:\WINDOWS\system32\hsxc.dll
C:\WINDOWS\system32\K7vb8aA1.exe
C:\WINDOWS\Tasks\A2A01FD090CB9C4C.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1
C:\DOCUME~1\Liam\APPLIC~1\BENDBI~1\C19F7DB5
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Acid Draw 4
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Bend Admin.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\BikeEggs.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Bind Bird.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Body coal.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\BOOBPROXY.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\copydale.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\DashSettings.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\face flag creative
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Heart option.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Htm Program.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\insideblue.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Joy Ford.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\LessOkay.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\manager way rdr
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\plusmedia.exe
C:\Documents and Settings\All Users\Application Data\Dale Defy Mess Error\Rdr phone.exe
C:\Documents and Settings\All Users\Application Data\noun poll slow creative
C:\Documents and Settings\All Users\Application Data\noun poll slow creative\balmflaptest
C:\Documents and Settings\All Users\Application Data\noun poll slow creative\Cornviewtray
C:\Documents and Settings\All Users\Application Data\noun poll slow creative\Move Manager Extra
C:\Documents and Settings\Liam\286.exe
C:\Documents and Settings\Liam\957123844.exe
C:\Documents and Settings\Liam\957123845.exe
C:\Documents and Settings\Liam\Start Menu\Programs\Startup\services.lnk
C:\Program Files\611543-fresh-weather-hijack.htm
C:\Temp\cXzz9
C:\WINDOWS\BMb7a7ea57.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hsxc.dll
C:\WINDOWS\system32\K7vb8aA1.exe
C:\WINDOWS\Tasks\A2A01FD090CB9C4C.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BDMUSICB
-------\bDMusicb


((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-26 19:22 . 2008-02-26 19:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 19:22 . 2008-02-26 19:22 <DIR> d-------- C:\Documents and Settings\Liam\Application Data\Malwarebytes
2008-02-26 19:22 . 2008-02-26 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-26 19:21 . 2008-02-26 19:21 1,366,048 --a------ C:\Program Files\mbam-setup.exe
2008-02-24 16:47 . 2008-02-24 16:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-24 16:47 . 2008-02-24 16:47 2,540 --a------ C:\WINDOWS\unins000.dat
2008-02-24 10:36 . 2008-02-24 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 10:33 . 2008-02-24 10:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 10:32 . 2008-02-24 10:33 21,364,592 --a------ C:\Program Files\aaw2007.exe
2008-02-24 00:37 . 2008-02-24 14:48 <DIR> d-------- C:\VundoFix Backups
2008-02-24 00:16 . 2008-02-24 00:21 <DIR> d-------- C:\fixwareout
2008-02-24 00:16 . 2008-02-24 00:16 486,449 --a------ C:\Program Files\Fixwareout.exe
2008-02-24 00:04 . 2008-02-24 00:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 00:03 . 2008-02-24 00:04 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-02-20 22:17 . 2008-02-20 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-20 22:12 . 2008-02-20 22:12 <DIR> d-------- C:\Program Files\Bonjour
2008-02-20 22:05 . 2008-02-20 22:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-12 19:37 . 2008-02-12 19:37 21,746,305 --a------ C:\Program Files\halozero.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 16:59 103,980 ----a-w C:\Program Files\msxbox-world.htm
2008-02-24 10:36 --------- d-----w C:\Program Files\Lavasoft
2008-02-23 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-02-22 19:51 --------- d-----w C:\Documents and Settings\Liam\Application Data\AdobeUM
2008-02-20 22:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-02 23:13 --------- d-----w C:\Program Files\D-Tools
2008-02-02 22:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-20 14:58 18,207,736 ----a-w C:\Program Files\VeohSetup-3.8.0.1051.exe
2008-01-20 14:26 --------- d-----w C:\Program Files\DivX
2008-01-20 14:21 2,384,591 ----a-w C:\Program Files\ac3filter_1_46.exe
2008-01-20 14:21 --------- d-----w C:\Program Files\AC3Filter
2008-01-17 22:24 --------- d-----w C:\Documents and Settings\Guest\Application Data\DivX
2008-01-10 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-06 21:03 --------- d-----w C:\Program Files\QuickTime
2008-01-06 21:03 --------- d-----w C:\Program Files\iTunes
2006-10-16 18:32 24,200 -c--a-w C:\Documents and Settings\Liam\Application Data\GDIPFONTCACHEV1.DAT
2006-08-27 22:15 24,200 ----a-w C:\Documents and Settings\Lisa\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

21314f610bf3664fec05fc682e7cb354 C:\WINDOWS\system32\drivers\tcpip.sys
-c----w 332,928 2002-08-29 01:58:12 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
----a-w 359,040 2004-08-04 06:14:40 C:\WINDOWS\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\tcpip.sys
----a-w 359,040 2007-06-08 19:48:40 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Steam"="g:\games\valve\steam\steam.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-01-10 14:04 315392 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 09:02 219136]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-03 23:56 15360]

C:\Documents and Settings\Lisa\Start Menu\Programs\Startup\
desktop_minion932407689.lnk - G:\Codemasters Overlord Desktop Minion\desktop_minion.exe [2007-06-27 20:08:15 1177004]

C:\Documents and Settings\Liam\Start Menu\Programs\Startup\
desktop_minion932407689.lnk - G:\Codemasters Overlord Desktop Minion\desktop_minion.exe [2007-06-27 20:08:15 1177004]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-11-22 15:32:31 169472]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-07-23 19:10:48 49220]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2002-11-08 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
-ra------ 2002-11-13 07:34 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\valve\steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"G:\\Games\\Warcraft III\\Warcraft III.exe"=
"G:\\Games\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"G:\\Warcraft III\\Warcraft III.exe"=
"G:\\Rome total war\\RomeTW.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\patchget.dat"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft hosting
"4000:TCP"= 4000:TCP:Warcraft hosting 2
"6113:TCP"= 6113:TCP:Warcraft hosting 3
"6114:TCP"= 6114:TCP:Warcraft hosting 4
"6115:TCP"= 6115:TCP:Warcraft hosting 5
"6116:TCP"= 6116:TCP:Warcraft hosting 6
"6117:TCP"= 6117:TCP:Warcraft hosting 7
"6118:TCP"= 6118:TCP:Warcraft hosting 8
"6119:TCP"= 6119:TCP:Warcraft hosting 9

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 14:05]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2002-11-08 09:50]
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 14:05]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 08:10]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 19:29:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-02-27 19:34:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 19:34:04
ComboFix2.txt 2008-02-26 21:51:42

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 27 February 2008 - 03:35 PM

Hi,

Can you also post a new HijackThis log as requested, please?

#11 Guest_UKRaidersfan_*

Guest_UKRaidersfan_*

  • Guests

Posted 27 February 2008 - 03:37 PM

Oops, sorry, I didn't notice that. Will do:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:20, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "g:\games\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: desktop_minion932407689.lnk = G:\Codemasters Overlord Desktop Minion\desktop_minion.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins..._le26r74bd.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8205 bytes

#12 miekiemoes

Posted 27 February 2008 - 03:44 PM

Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins..._le26r74bd.html


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Then,

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
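
Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over the log line format shown in this topic. It lists entries marked (file missing), the hosts that O16 DPF entries were downloaded from, and JRE folders older than the 6 Update 4 named in the reply above. The function names are illustrative assumptions, the sample consists of lines copied from this thread, and the result is a list of things to review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the HijackThis log and reply in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.eversoft.co.kr/vmpinstaller/ins..._le26r74bd.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                # "O16 - DPF: ..." -> section, rest
JRE = re.compile(r"\\jre1\.(\d+)\.0_(\d+)\\", re.I)   # JRE folder, e.g. \jre1.6.0_01\


def parse(log):
    """Yield (section, text) for each O-section line; headers and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log, min_jre=(6, 4)):
    """Collect review candidates. min_jre is (major, update); 6 Update 4 comes from the reply."""
    report = {"file_missing": [], "dpf_hosts": {}, "old_jre": set()}
    for section, text in parse(log):
        # Orphaned entry: the registry value remains but the file it points to is gone.
        if text.endswith("(file missing)"):
            report["file_missing"].append((section, text))
        if section == "O16":
            # The codebase URL is the last " - " separated field; host is None if it is empty.
            host = urlparse(text.rsplit(" - ", 1)[-1]).hostname
            clsid = text.split(" ", 2)[1]
            report["dpf_hosts"].setdefault(host, []).append(clsid)
        # Any path that runs from a JRE folder below the minimum update level.
        for major, update in JRE.findall(text):
            if (int(major), int(update)) < min_jre:
                report["old_jre"].add(f"1.{major}.0_{update}")
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
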

#13 Guest_UKRaidersfan_*

Posted 27 February 2008 - 04:06 PM

Thanks for all of your help. Everything seems to be running fine so far, but if I have any problems I'll post straight away this time. Thanks again.

#14 miekiemoes

Posted 27 February 2008 - 04:19 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#15 miekiemoes

Posted 29 February 2008 - 02:14 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



