
Virtumonde Infection & Ad Popups


This topic is locked
18 replies to this topic

#1 mathisjr

Posted 15 May 2008 - 10:16 AM

Hello,

Thank you for offering this service.

After sudden peculiar behavior of my system, along with a sudden explosion of "you're infected, download this..." pop-ups and the switching of my desktop image to a blood-red nuclear warning backdrop, I ran Spybot. I found an unusual number of problems; many were fixed as usual, but this Virtumonde and others are quite persistent.

Please review my situation and help if you are able.

I am attaching two log files to this topic: Extra.txt from DSS.exe and hijackthis.log from HijackThis.exe.

Thank you,

Joe

DSS
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:01 AM, on 05/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [583545f2] rundll32.exe "C:\WINDOWS\system32\kkkxnwom.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100132368605
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126140474211
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.21/ttinst.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9ad53f5f0/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.hebphoto.com/common/UserUpload/LifePicsUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/utilities/pssbedit.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: vbksrofa - {18CA2654-0913-4E15-BFBB-20AB862F9F51} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll
O22 - SharedTaskScheduler: style 2 - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle32.dll (file missing)
O22 - SharedTaskScheduler: z - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device -   - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\System32\iosdt\iosdt.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Mathis/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 16931 bytes
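Added example, not part of any post in this thread: a small Python triage script that applies the checks a log reader would run by eye over HijackThis entries like the ones above. The sample lines are copied from the logs in posts #1 and #5 (a selection, not a whole log); the rules themselves (an entry whose file is missing, an IE proxy pointing at 127.0.0.1, an O4 Run value named with eight random hex digits, rundll32 loading a DLL through a single-character export, a DLL sitting in the Windows root, and a start page off a short vendor-default allowlist) are this example's own heuristics, and the allowlist in DEFAULT_PAGES is an assumption rather than anything the helper stated.

```python
"""Added triage example for HijackThis-style logs (not the forum's own tooling).

Each rule below is an assumption of this example: a heuristic a log reader
applies by eye, written down so it runs the same way over many logs.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the two HijackThis logs in this thread
# (posts #1 and #5). Not a complete log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\rqRJDSkJ.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [583545f2] rundll32.exe "C:\WINDOWS\system32\kkkxnwom.dll",b
O21 - SSODL: mpfanvqg - {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll
O22 - SharedTaskScheduler: style 2 - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle32.dll (file missing)
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\System32\iosdt\iosdt.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in .dll/.exe. Paths contain spaces, so the match
# is anchored on the extension rather than on whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# rundll32 "...\x.dll",b  -> a DLL invoked through a single-character export
SHORT_EXPORT_RE = re.compile(r'\.dll"?,[A-Za-z0-9_]\s*$', re.IGNORECASE)

WINDIR = r"c:\windows"
# Assumption: IE vendor defaults. Anything else is surfaced for review, not condemned.
DEFAULT_PAGES = ("http://go.microsoft.com/", "about:blank")


@dataclass
class Entry:
    code: str
    body: str
    path: str | None
    findings: list[str] = field(default_factory=list)


def parse(log: str) -> list[Entry]:
    """Split a HijackThis log into (section code, body, first referenced path)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        pm = PATH_RE.search(m["body"])
        entries.append(Entry(m["code"], m["body"], pm.group(0) if pm else None))
    return entries


def assess(e: Entry) -> list[str]:
    """Apply the heuristics; returns an empty list for an entry nothing trips on."""
    body_l = e.body.lower()
    out: list[str] = []
    if "(file missing)" in body_l or "(no file)" in body_l:
        out.append("orphaned load point: the referenced file is gone")
    if e.code == "R1" and "proxyserver" in body_l and "127.0.0.1" in e.body:
        out.append("IE proxy set to localhost: something local is relaying browser traffic")
    if e.code == "R0" and "start page" in body_l and "=" in e.body:
        url = e.body.split("=", 1)[1].strip()
        if not url.lower().startswith(DEFAULT_PAGES):
            out.append(f"start page is not a vendor default: {url}")
    if e.code == "O4":
        nm = RUN_NAME_RE.search(e.body)
        if nm and re.fullmatch(r"[0-9a-f]{8}", nm["name"]):
            out.append(f"Run value named with 8 random hex digits: {nm['name']}")
        if "rundll32" in body_l and SHORT_EXPORT_RE.search(e.body):
            out.append("rundll32 loads a DLL through a single-character export")
    if e.path and e.path.lower().endswith(".dll") and ntpath.dirname(e.path).lower() == WINDIR:
        out.append("DLL placed directly in the Windows root rather than system32 or Program Files")
    return out


def triage(log: str) -> list[Entry]:
    """Return only the entries that trip at least one rule, findings attached."""
    flagged = []
    for e in parse(log):
        e.findings = assess(e)
        if e.findings:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4} {e.path or e.body}")
        for f in e.findings:
            print(f"       - {f}")
```

Run as a script it prints the eight flagged entries with their reasons; the AVG, Spybot and Google Toolbar entries in the same sample pass through untouched, which is the point of keying on location and naming rather than on "is a DLL". The file-missing rule alone catches the mixed-case system32 BHOs that appear in the second log, so the heuristics carry over to post #5 without change.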




#2 Markka

Markka

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 15 May 2008 - 10:48 AM

Hi and welcome to the forums. :thumbsup:
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. I belong to HJT Senior Classmen and everything that I post to you must be checked by
teachers of Bleeping Computer.
Please be patient. :)

#3 mathisjr

mathisjr
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 15 May 2008 - 12:35 PM

Hi and welcome to the forums. :thumbsup:
I'm Markka and I will be helping you with your malware issues.

I'll check your HijackThis log. I belong to HJT Senior Classmen and everything that I post to you must be checked by
teachers of Bleeping Computer.
Please be patient. :)



Thank you. I will anxiously wait...

#4 Markka

Markka

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 17 May 2008 - 03:21 AM

Hello :thumbsup:

Disable Teatimer:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
_______________

Rename HijackThis.exe to Scanner.exe by doing the following;
  • Navigate to here; C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to mathisjr.exe
  • When you've renamed HijackThis, then open it..
  • Take a fresh HijackThis log (Do a system scan and save a log file)
  • Post the fresh HijackThis log to here.
____________________

Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
_____________________

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall!
__________________

Post:
- The fresh HijackThis log
- Contents of C:\Rapport
- Contents of C:\ComboFix.txt

#5 mathisjr

mathisjr
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 17 May 2008 - 08:44 AM

Hello Markka,

Thank you for the reply and instructions.

Here are the logs you asked for:


hijackthis (mathisjr.exe)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:19 AM, on 05/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\mathisjr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\rqRJDSkJ.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {31466821-3C42-4E4F-B3F4-8F98061EED73} - C:\WINDOWS\system32\nnnmMEXO.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {440476B5-DF56-4578-93B5-69A0BD878281} - C:\WINDOWS\system32\byXQJDtr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {917DEAF8-FB33-4768-8831-E15D5A1A6969} - C:\WINDOWS\system32\iifgGAtr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BF770AB3-808C-4D31-8D00-3200E679AFAC} - C:\WINDOWS\system32\mlJArspm.dll (file missing)
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: QXK Rhythm - {D2E5FE60-C0CB-4FC5-93D5-9736FA10A01B} - C:\WINDOWS\fvowketqksn.dll (file missing)
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - 
[url="http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab"]http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab[/url]O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - [url="http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab"]http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab[/url]O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url="http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe"]http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe[/url]O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [url="http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab"]http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab[/url]O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - [url="http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab"]http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab[/url]O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - [url="http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab"]http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab[/url]O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [url="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab"]http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab[/url]O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url="http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100132368605"]http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605[/url]O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - [url="http://zone.msn.com/bingame/amad/default/atomaders.cab"]http://zone.msn.com/bingame/amad/default/atomaders.cab[/url]O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - 
[url="http://download.divx.com/player/DivXBrowserPlugin.cab"]http://download.divx.com/player/DivXBrowserPlugin.cab[/url]O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - [url="http://216.249.24.141/code/PWActiveXImgCtl.CAB"]http://216.249.24.141/code/PWActiveXImgCtl.CAB[/url]O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url="http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126140474211"]http://update.microsoft.com/microsoftupdat...b?1126140474211[/url]O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [url="https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab"]https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[/url]O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - [url="http://digitalflip.net/fvlite22/fvlite.cab"]http://digitalflip.net/fvlite22/fvlite.cab[/url]O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - [url="http://www.iwantdway.com/dwayready/dpcsysinfo.cab"]http://www.iwantdway.com/dwayready/dpcsysinfo.cab[/url]O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - [url="http://www.nick.com/common/groove/gx/GrooveAX27.cab"]http://www.nick.com/common/groove/gx/GrooveAX27.cab[/url]O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! 
Audio UI1) - [url="http://chat.yahoo.com/cab/yacsui.cab"]http://chat.yahoo.com/cab/yacsui.cab[/url]O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - [url="http://toolbar.google.com/data/GoogleActivate.cab"]http://toolbar.google.com/data/GoogleActivate.cab[/url]O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - [url="http://www.broderbund.com/IFW/Cabs/isetup.cab"]http://www.broderbund.com/IFW/Cabs/isetup.cab[/url]O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - [url="http://zone.msn.com/binGame/ZAxRcMgr.cab"]http://zone.msn.com/binGame/ZAxRcMgr.cab[/url]O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url="http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab"]http://messenger.msn.com/download/MsnMesse...pDownloader.cab[/url]O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [url="http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab"]http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab[/url]O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - [url="http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab"]http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab[/url]O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - [url="http://ns-radio.netscape.com/radio/cabs/ampx.cab"]http://ns-radio.netscape.com/radio/cabs/ampx.cab[/url]O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - [url="http://download.toontown.com/sv1.0.14.21/ttinst.cab"]http://download.toontown.com/sv1.0.14.21/ttinst.cab[/url]O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - [url="http://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab"]http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab[/url]O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - 
[url="http://a532.g.akamai.net/7/532/6712/bfbbe9ad53f5f0/player.virtools.com/downloads/player/Install3.0/Installer.exe"]http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe[/url]O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - [url="https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab"]https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab[/url]O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - [url="http://zone.msn.com/bingame/feed/default/SproutLauncher.cab"]http://zone.msn.com/bingame/feed/default/SproutLauncher.cab[/url]O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - [url="http://zone.msn.com/bingame/shpo/default/shapo.cab"]http://zone.msn.com/bingame/shpo/default/shapo.cab[/url]O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - [url="http://www.hebphoto.com/common/UserUpload/LifePicsUploader.CAB"]http://www.hebphoto.com/common/UserUpload/...icsUploader.CAB[/url]O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url="http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab"]http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab[/url]O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url="http://fdl.msn.com/zone/datafiles/heartbeat.cab"]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url]O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - [url="http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326"]http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326[/url]O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - [url="http://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab"]http://workspace.office.live.com/Misc/Micr....RichUpload.cab[/url]O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support 
Package) - [url="http://www.creative.com/su/ocx/15034/CTPID.cab"]http://www.creative.com/su/ocx/15034/CTPID.cab[/url]O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - [url="http://stores.homestead.com/storeadmin/utilities/pssbedit.cab"]http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab[/url]O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - [url="http://www.zoomify.com/download/zoomify214.cab"]http://www.zoomify.com/download/zoomify214.cab[/url]O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [url="https://secure.logmein.com/activex/RACtrl.cab"]https://secure.logmein.com/activex/RACtrl.cab[/url]O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.comO17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.comO17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.comO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: avgrsstx.dllO20 - Winlogon Notify: cabeula - C:\WINDOWS\system32\3COM_DMI\cabeula.dll (file missing)O20 - Winlogon Notify: cccedadab - C:\WINDOWS\O20 - Winlogon Notify: DAD - C:\WINDOWS\system32\DAD.dll (file missing)O20 - Winlogon Notify: rqRJDSkJ - rqRJDSkJ.dll (file missing)O21 - SSODL: vbksrofa - {18CA2654-0913-4E15-BFBB-20AB862F9F51} - C:\WINDOWS\vbksrofa.dll (file missing)O21 - SSODL: mpfanvqg - {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll (file missing)O22 - SharedTaskScheduler: style 2 - {0976BE78-EA53-4DD6-91E6-E6175940032B} - C:\WINDOWS\system32\winstyle32.dll (file missing)O22 - 
SharedTaskScheduler: z - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - (no file)O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exeO24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Mathis/LOCALS~1/Temp/msohtml1/01/clip_image002.gif--End of file - 17767 bytes

Rapport.txt



ComboFix.exe

213,023	----a-w	C:\WINDOWS\SYSTEM32\msltus40.dll+ 2008-03-25 04:50:44	219,936	----a-w	C:\WINDOWS\SYSTEM32\msltus40.dll- 2004-08-04 07:56:43	348,189	----a-w	C:\WINDOWS\SYSTEM32\mspbde40.dll+ 2008-03-25 04:50:45	355,104	----a-w	C:\WINDOWS\SYSTEM32\mspbde40.dll- 2004-08-04 07:56:43	421,919	----a-w	C:\WINDOWS\SYSTEM32\msrd2x40.dll+ 2008-03-25 04:50:47	432,928	----a-w	C:\WINDOWS\SYSTEM32\msrd2x40.dll- 2004-08-04 07:56:43	315,423	----a-w	C:\WINDOWS\SYSTEM32\msrd3x40.dll+ 2008-03-25 04:50:49	322,336	----a-w	C:\WINDOWS\SYSTEM32\msrd3x40.dll- 2004-08-04 07:56:43	552,989	----a-w	C:\WINDOWS\SYSTEM32\msrepl40.dll+ 2008-03-25 04:50:52	559,904	----a-w	C:\WINDOWS\SYSTEM32\msrepl40.dll- 2004-08-04 07:56:43	258,077	----a-w	C:\WINDOWS\SYSTEM32\mstext40.dll+ 2008-03-25 04:50:55	264,992	----a-w	C:\WINDOWS\SYSTEM32\mstext40.dll- 2004-08-04 07:56:44	831,519	----a-w	C:\WINDOWS\SYSTEM32\mswdat10.dll+ 2008-03-25 04:50:57	838,432	----a-w	C:\WINDOWS\SYSTEM32\mswdat10.dll- 2004-08-04 07:56:44	614,429	----a-w	C:\WINDOWS\SYSTEM32\mswstr10.dll+ 2008-03-25 04:50:58	621,344	----a-w	C:\WINDOWS\SYSTEM32\mswstr10.dll- 2004-08-04 07:56:44	348,189	----a-w	C:\WINDOWS\SYSTEM32\msxbde40.dll+ 2008-03-25 04:50:58	355,104	----a-w	C:\WINDOWS\SYSTEM32\msxbde40.dll+ 2006-12-02 05:46:44	65,536	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll.-- Snapshot reset to current date --.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]			C:\WINDOWS\system32\rqRJDSkJ.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31466821-3C42-4E4F-B3F4-8F98061EED73}]			C:\WINDOWS\system32\nnnmMEXO.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440476B5-DF56-4578-93B5-69A0BD878281}]			C:\WINDOWS\system32\byXQJDtr.dll[HKEY_LOCAL_MACHINE\~\Browser Helper 
Objects\{917DEAF8-FB33-4768-8831-E15D5A1A6969}]			C:\WINDOWS\system32\iifgGAtr.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF770AB3-808C-4D31-8D00-3200E679AFAC}]			C:\WINDOWS\system32\mlJArspm.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2E5FE60-C0CB-4FC5-93D5-9736FA10A01B}]			C:\WINDOWS\fvowketqksn.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{EEDEF161-573C-4CC0-83E5-1F4CD35BB459}"= "C:\WINDOWS\pvnsmfor.dll" [ ][HKEY_CLASSES_ROOT\clsid\{eedef161-573c-4cc0-83e5-1f4cd35bb459}][HKEY_CLASSES_ROOT\pvnsmfor.1][HKEY_CLASSES_ROOT\TypeLib\{DC44D3D7-2664-453B-83B8-44F14C048B7E}][HKEY_CLASSES_ROOT\pvnsmfor][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]2008-01-04 18:47	2389296	--a------	C:\Program Files\MozyHome\mozyshell.dll[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]2008-01-04 18:47	2389296	--a------	C:\Program Files\MozyHome\mozyshell.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 23:31 68856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 17:44 126976]"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 23:48 1177368][hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]"{0976BE78-EA53-4DD6-91E6-E6175940032B}"= C:\WINDOWS\system32\winstyle32.dll [ 
][hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]"{240A2128-ACD4-4124-87AF-527124CAAC38}"= C:\WINDOWS\system32\rqRJDSkJ.dll [ ][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"vbksrofa"= {18CA2654-0913-4E15-BFBB-20AB862F9F51} - C:\WINDOWS\vbksrofa.dll [ ]"mpfanvqg"= {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll [ ][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cabeula]C:\WINDOWS\system32\3COM_DMI\cabeula.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DAD]C:\WINDOWS\system32\DAD.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]LMIinit.dll 2006-07-21 13:15 11496 C:\WINDOWS\SYSTEM32\LMIinit.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDSkJ]rqRJDSkJ.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=avgrsstx.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"MSACM.CEGSM"= mobilev.acm[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnkbackup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnkbackup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All 
Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnkbackup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnkbackup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DllCmd32.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DllCmd32.lnkbackup=C:\WINDOWS\pss\DllCmd32.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnkbackup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet 3100 Status.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet 3100 Status.lnkbackup=C:\WINDOWS\pss\HP LaserJet 3100 Status.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet d series) - 1.lnkbackup=C:\WINDOWS\pss\HPAiODevice(hp officejet d series) - 1.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnkbackup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnkbackup=C:\WINDOWS\pss\MozyHome Status.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkbackup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnkbackup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnkbackup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^Mathis^Start Menu^Programs^Startup^Free WebSite Tools.lnk]path=C:\Documents and Settings\Mathis\Start Menu\Programs\Startup\Free WebSite Tools.lnkbackup=C:\WINDOWS\pss\Free WebSite Tools.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Mathis^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]path=C:\Documents and Settings\Mathis\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkbackup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper 
and Launcher.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\583545f2]C:\WINDOWS\system32\aalnagjg.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]--a------ 2002-04-10 17:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]C:\Program Files\AIM\aim.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]--a------ 2006-10-16 00:31 106496 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]--a------ 2007-01-12 11:57 292336 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]--a------ 2005-12-16 18:59 107008 C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]C:\Program Files\Error Nuker\bin\ErrorNuker.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]C:\Program Files\Dell PC Fax\fm3032.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\InstallProgram]C:\DOCUME~1\Mathis\LOCALS~1\Temp\setup_526_1_.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]--a------ 2006-07-21 13:15 303856 C:\Program Files\LogMeIn\LogMeInSystray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]--a------ 2006-11-03 17:04 304008 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]--a------ 2004-04-20 13:24 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]--a------ 2001-07-25 10:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]C:\Program Files\MSN Messenger\msnmsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFConverterReminder]C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\EReg.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\RegistryMechanic]C:\Program Files\Registry Mechanic\RegMech.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spiceworks]--a------ 2007-09-13 11:40 61440 C:\Program Files\Spiceworks\bin\spicetray_silent.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2007-07-21 23:31 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray32]--a------ 2003-10-03 18:43 114688 C:\WINDOWS\System32\netdd\registry\mru\dllhost.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]C:\Program Files\Warez P2P Client\Warez.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]c:\program files\zango\zango.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"SSWebSvr"=2 (0x2)"SSCollect"=2 (0x2)"mozybackup"=2 (0x2)"Bonjour Service"=2 (0x2)"Microsoft Office Groove Audit Service"=3 (0x3)"dnetc"=2 (0x2)"dlcx_device"=2 
(0x2)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Synergy\\synergys.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\Woopra\\Woopra.exe"="C:\\Program Files\\WinHTTrack\\WinHTTrack.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 23:48]R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 18:47]R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 23:48]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\RaInfo.sys [2006-07-21 13:15]R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]R2 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2006-04-02 15:20]R3 Esdpdx01;Esdpdx01;C:\WINDOWS\System32\Drivers\ESDPDX01.SYS [2002-07-02 22:28]R3 
WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-06-15 12:26]S3 chyunikb;Cherry Universal PS/2 Keyboard Driver;C:\WINDOWS\system32\DRIVERS\chyunikb.sys [2000-11-16 14:08]S3 LpBk;RC-X USB Device;C:\WINDOWS\system32\Drivers\RcxUsbA.sys [1999-12-16 18:18]S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys [2001-11-09 12:58]S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys [2001-11-09 12:58]S3 USB10T2B;Linksys USB 10Base-T Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\USB10T2B.sys [2001-06-18 14:24]S3 USBENET;%USBENET.DriverDesc%;C:\WINDOWS\system32\DRIVERS\USB10T2N.SYS [2000-01-11 04:00]S4 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]S4 SSCollect;SmarterStats Service;"C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe" [2007-07-24 13:21]S4 SSWebSvr;SmarterStats Web Server;"C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe" [2003-07-21 17:32].Contents of the 'Scheduled Tasks' folder"2008-05-16 19:02:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1E03728-5B7D-4E44-B77D-0F226A858634}.job"- C:\WINDOWS\system32\msfeedssync.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-05-17 07:48:08Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\Program Files\Synergy\synrgyhk.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\WINDOWS\SYSTEM32\searchindexer.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\SYSTEM32\searchprotocolhost.exeC:\WINDOWS\SYSTEM32\searchfilterhost.exe.**************************************************************************.Completion time: 2008-05-17  8:11:50 - machine was rebootedComboFix-quarantined-files.txt  2008-05-17 13:11:38ComboFix2.txt  2008-05-14 05:07:25Pre-Run: 9,945,968,640 bytes freePost-Run: 9,973,731,328 bytes free509	--- E O F ---	2008-05-17 10:08:55


#6 Markka

Markka

  • Members
  • 113 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 17 May 2008 - 12:03 PM

Hello :thumbsup:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
__________

Post these logs and don't put them into the code boxes, thanks:

- A fresh HijackThis log
- Contents of C:\Rapport
- Contents of C:\ComboFix.txt
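One way to pre-screen a HijackThis log like the fresh one requested above, as an added example that is not a tool from this thread or from the HijackThis project: it parses the R1/O2/O3 lines and flags the markers this kind of infection leaves behind (a browser proxy pointed at 127.0.0.1, SearchAssistant forced to about:blank, unnamed or Windows-directory BHOs and toolbars whose DLL is no longer on disk). The sample log is constructed from entries of the kind posted in this thread plus one made-up Program Files entry, and the severity rules are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample, modeled on the HijackThis entries posted in this thread
# (the "Old Helper" line is made up to show the lower-severity path).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\rqRJDSkJ.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: QXK Rhythm - {D2E5FE60-C0CB-4FC5-93D5-9736FA10A01B} - C:\WINDOWS\fvowketqksn.dll (file missing)
O2 - BHO: Old Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\OldApp\helper.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

# HijackThis line: "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - path"
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL sitting directly in C:\WINDOWS or System32, with no vendor folder
WINDOWS_ROOT_RE = re.compile(r"[a-z]:\\windows\\(?:system32\\)?[^\\]+")


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def _is_local_proxy(value):
    # ProxyServer values look like "http=127.0.0.1:8080" or "host:port;https=host:port"
    for entry in value.split(";"):
        host = entry.split("=")[-1].rsplit(":", 1)[0].strip().lower()
        if host in ("127.0.0.1", "localhost", "[::1]"):
            return True
    return False


def _in_windows_root(path):
    return WINDOWS_ROOT_RE.fullmatch(path.strip().lower()) is not None


def triage(log_text):
    """Return the suspicious entries of a HijackThis log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and "," in body and "=" in body:
            key, value = body.split("=", 1)
            if key.strip().endswith(",ProxyServer") and _is_local_proxy(value):
                findings.append(Finding(sec, "high", "browser proxy points at the local host; "
                                        "check what is listening on that port", line))
            elif key.strip().endswith(",SearchAssistant") and value.strip() == "about:blank":
                findings.append(Finding(sec, "high", "SearchAssistant forced to about:blank "
                                        "(search hijack marker)", line))
        elif sec in ("O2", "O3"):
            cm = CLSID_RE.search(body)
            if not cm:
                continue
            kind = "BHO" if sec == "O2" else "toolbar"
            name = body[body.index(":") + 1:cm.start()].strip(" -")
            target = body[cm.end():].strip(" -")
            if target == "(no file)":
                findings.append(Finding(sec, "info", f"orphaned {kind} registration with no file", line))
            elif target.endswith("(file missing)"):
                path = target[:-len("(file missing)")].strip()
                if name == "(no name)" or _in_windows_root(path):
                    findings.append(Finding(sec, "high", f"{kind} DLL not on disk and unnamed or loaded "
                                            "straight from the Windows directory: leftover of a removed "
                                            "Vundo/Virtumonde component, fix the entry", line))
                else:
                    findings.append(Finding(sec, "medium", f"{kind} DLL not on disk: stale registration, "
                                            "confirm it belongs to an uninstalled program", line))
    return findings


def summarize(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(found))
```

Entries it does not flag (a BHO whose DLL is present under Program Files, the ProxyOverride line, O4 Run entries) still deserve a human look; the script only orders the work.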

#7 mathisjr

mathisjr
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 17 May 2008 - 11:30 PM

Thank you again for the help. Sorry about the code box, I was trying to keep the messages shorter.

I have done as instructed. Here are the logs. Please let me know what else to do.

Thanks, Joe

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:50 PM, on 05/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\mathisjr.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\rqRJDSkJ.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {31466821-3C42-4E4F-B3F4-8F98061EED73} - C:\WINDOWS\system32\nnnmMEXO.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {440476B5-DF56-4578-93B5-69A0BD878281} - C:\WINDOWS\system32\byXQJDtr.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {917DEAF8-FB33-4768-8831-E15D5A1A6969} - C:\WINDOWS\system32\iifgGAtr.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BF770AB3-808C-4D31-8D00-3200E679AFAC} - C:\WINDOWS\system32\mlJArspm.dll (file missing)
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: QXK Rhythm - {D2E5FE60-C0CB-4FC5-93D5-9736FA10A01B} - C:\WINDOWS\fvowketqksn.dll (file missing)
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126140474211
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.21/ttinst.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.hebphoto.com/common/UserUpload/...icsUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: cabeula - C:\WINDOWS\system32\3COM_DMI\cabeula.dll (file missing)
O20 - Winlogon Notify: cccedadab - C:\WINDOWS\
O20 - Winlogon Notify: DAD - C:\WINDOWS\system32\DAD.dll (file missing)
O20 - Winlogon Notify: rqRJDSkJ - rqRJDSkJ.dll (file missing)
O21 - SSODL: vbksrofa - {18CA2654-0913-4E15-BFBB-20AB862F9F51} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll (file missing)
O22 - SharedTaskScheduler: style 2 - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe

--
End of file - 16909 bytes


Rapport.txt

SmitFraudFix v2.320

Scan done at 12:26:34.71, 05/17/2008
Run from C:\Documents and Settings\Mathis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0976BE78-EA53-4DD6-91E6-E6175940032B}"="style 2"

[HKEY_CLASSES_ROOT\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}\InProcServer32]
@="C:\WINDOWS\system32\winstyle32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}\InProcServer32]
@="C:\WINDOWS\system32\winstyle32.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}"="z"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer=208.67.222.222,208.67.220.220
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer=208.67.222.222,208.67.220.220
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: DhcpNameServer=208.180.42.68 208.180.42.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer=208.67.222.222,208.67.220.220
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.68 208.180.42.100


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0976BE78-EA53-4DD6-91E6-E6175940032B}"="style 2"



»»»»»»»»»»»»»»»»»»»»»»»» End


ComboFix

ComboFix 08-05-12.1 - Mathis 2008-05-17 12:59:54.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT -5:00]
Running from: C:\Documents and Settings\Mathis\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-17 08:36 . 2008-05-17 12:26 1,262 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-17 00:14 . 2008-05-17 07:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-16 23:48 . 2008-05-17 00:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-05-16 23:48 . 2008-05-16 23:48 <DIR> d-------- C:\Program Files\AVG
2008-05-16 23:48 . 2008-05-16 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-16 23:48 . 2008-05-16 23:48 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-16 23:48 . 2008-05-16 23:48 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\BRADDA~2.000
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\BRADDA~1.000
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\Brad.DAD
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\Brad
2008-05-16 13:51 . 2008-05-16 14:42 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-15 09:51 . 2008-05-15 09:51 <DIR> d-------- C:\Deckard
2008-05-15 09:31 . 2008-05-15 09:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-15 09:31 . 2008-05-15 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 07:04 . 2008-05-14 07:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 06:54 . 2008-05-14 06:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 06:54 . 2008-05-14 06:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-13 16:05 . 2008-05-13 16:05 <DIR> d-------- C:\Documents and Settings\Mathis\Application Data\TmpRecentIcons
2008-05-06 13:14 . 2008-05-06 13:14 <DIR> d-------- C:\Program Files\WinHTTrack
2008-05-03 08:10 . 2008-05-03 08:10 <DIR> d-------- C:\Documents and Settings\Mathis\Application Data\eFax Messenger
2008-04-29 20:11 . 2008-02-29 20:11 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-04-29 19:34 . 2008-04-29 19:34 <DIR> d-------- C:\Program Files\Woopra
2008-04-29 19:34 . 2008-04-29 19:35 <DIR> d-------- C:\Documents and Settings\Mathis\Woopra
2008-04-29 19:33 . 2008-04-29 19:33 <DIR> d-------- C:\Program Files\Three Rings Design
2008-04-29 19:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-28 23:02 . 2008-04-28 23:02 <DIR> d-------- C:\Program Files\Excel Extract Data & Text Software
2008-04-21 22:19 . 2008-04-21 22:19 <DIR> d-------- C:\Program Files\Smart PDF Converter
2008-04-21 22:16 . 2008-04-21 22:16 <DIR> d-------- C:\Program Files\Free PDF to Word Doc Converter
2008-04-21 22:13 . 2008-04-21 22:15 663 --a------ C:\WINDOWS\SYSTEM32\winpdf.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 03:14 --------- d-----w C:\Program Files\dl_Cats
2008-05-16 19:37 --------- d-----w C:\Documents and Settings\Mathis\Application Data\Skype
2008-05-16 18:46 --------- d-----w C:\Documents and Settings\Mathis\Application Data\skypePM
2008-05-14 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 03:19 --------- d-----w C:\Program Files\Lavasoft
2008-05-14 03:19 --------- d-----w C:\Documents and Settings\Mathis\Application Data\Lavasoft
2008-05-03 03:49 3,350 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2008-04-30 00:33 --------- d-----w C:\Program Files\Java
2008-04-27 13:33 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-27 13:33 --------- d-----w C:\Program Files\FlashFXP
2008-04-22 20:10 --------- d-----w C:\Program Files\AnyEdit
2008-04-16 03:15 --------- d-----w C:\Program Files\Citrix
2008-04-12 04:08 --------- d-----w C:\Program Files\Web Text Extractor
2008-04-12 04:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 04:00 --------- d-----w C:\Program Files\Web Scraper Plus+
2008-04-12 03:53 --------- d-----w C:\Program Files\Macromedia
2008-04-12 03:53 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-12 03:29 --------- d-----w C:\Program Files\Evrsoft First Page 2006
2008-04-12 03:29 --------- d-----w C:\Program Files\DB Maker
2008-04-12 03:14 --------- d-----w C:\Program Files\Apperson
2008-04-12 03:13 --------- d-----w C:\Program Files\MSN Games
2008-04-08 02:04 --------- d-----w C:\Program Files\MozyHome
2008-04-04 23:20 --------- d-----w C:\Program Files\PremiumSoft
2008-04-04 22:57 --------- d-----w C:\Program Files\Napster
2008-04-03 14:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-25 16:44 --------- d-----w C:\Program Files\PuTTY
2008-03-25 12:58 --------- d-----w C:\Documents and Settings\Mathis\Application Data\SmartFTP
2008-03-25 12:57 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-25 12:56 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-20 16:16 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926
2008-03-20 16:16 --------- d-----w C:\Program Files\Dell
2008-03-20 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-18 03:33 --------- d-----w C:\Documents and Settings\Mathis\Application Data\deskUNPDF
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-27 18:51 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-10 20:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-04-09 03:49 100,784 ----a-w C:\Documents and Settings\Mathis\Application Data\GDIPFONTCACHEV1.DAT
2008-02-08 02:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 22:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2004-02-25 18:10 3,080 --sha-w C:\WINDOWS\dwin.sys
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-02-09 04:23 56 --sha-r C:\WINDOWS\SYSTEM32\9F8843D2C9.sys
2006-06-12 23:54 8 --sha-r C:\WINDOWS\SYSTEM32\C9D243889F.sys
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2004-08-04 07:56 11,776 --sha-w C:\WINDOWS\SYSTEM32\regsvr32.exe
2005-05-18 02:32 516,881 --sha-w C:\WINDOWS\SYSTEM32\3COM_DMI\aluebac.bak1
2005-05-22 14:49 506,755 --sha-w C:\WINDOWS\SYSTEM32\3COM_DMI\aluebac.bak2
2005-05-22 19:55 508,149 --sha-w C:\WINDOWS\SYSTEM32\3COM_DMI\aluebac.ini2
.

((((((((((((((((((((((((((((( snapshot_2008-05-17_ 8.11.00.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 12:46:20 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-17 17:32:17 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
C:\WINDOWS\system32\rqRJDSkJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31466821-3C42-4E4F-B3F4-8F98061EED73}]
C:\WINDOWS\system32\nnnmMEXO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440476B5-DF56-4578-93B5-69A0BD878281}]
C:\WINDOWS\system32\byXQJDtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{917DEAF8-FB33-4768-8831-E15D5A1A6969}]
C:\WINDOWS\system32\iifgGAtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF770AB3-808C-4D31-8D00-3200E679AFAC}]
C:\WINDOWS\system32\mlJArspm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2E5FE60-C0CB-4FC5-93D5-9736FA10A01B}]
C:\WINDOWS\fvowketqksn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEDEF161-573C-4CC0-83E5-1F4CD35BB459}"= "C:\WINDOWS\pvnsmfor.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{eedef161-573c-4cc0-83e5-1f4cd35bb459}]
[HKEY_CLASSES_ROOT\pvnsmfor.1]
[HKEY_CLASSES_ROOT\TypeLib\{DC44D3D7-2664-453B-83B8-44F14C048B7E}]
[HKEY_CLASSES_ROOT\pvnsmfor]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-01-04 18:47 2389296 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 23:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 17:44 126976]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 23:48 1177368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
"{240A2128-ACD4-4124-87AF-527124CAAC38}"= C:\WINDOWS\system32\rqRJDSkJ.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vbksrofa"= {18CA2654-0913-4E15-BFBB-20AB862F9F51} - C:\WINDOWS\vbksrofa.dll [ ]
"mpfanvqg"= {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cabeula]
C:\WINDOWS\system32\3COM_DMI\cabeula.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cccedadab]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DAD]
C:\WINDOWS\system32\DAD.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-07-21 13:15 11496 C:\WINDOWS\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRJDSkJ]
rqRJDSkJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DllCmd32.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DllCmd32.lnk
backup=C:\WINDOWS\pss\DllCmd32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet 3100 Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet 3100 Status.lnk
backup=C:\WINDOWS\pss\HP LaserJet 3100 Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet d series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet d series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=C:\WINDOWS\pss\MozyHome Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mathis^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=C:\Documents and Settings\Mathis\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=C:\WINDOWS\pss\Free WebSite Tools.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mathis^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Mathis\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\583545f2]
C:\WINDOWS\system32\aalnagjg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 17:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
--a------ 2006-10-16 00:31 106496 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
--a------ 2007-01-12 11:57 292336 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]
--a------ 2005-12-16 18:59 107008 C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
C:\Program Files\Error Nuker\bin\ErrorNuker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOCUME~1\Mathis\LOCALS~1\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2006-07-21 13:15 303856 C:\Program Files\LogMeIn\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2006-11-03 17:04 304008 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-04-20 13:24 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 10:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFConverterReminder]
C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\EReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spiceworks]
--a------ 2007-09-13 11:40 61440 C:\Program Files\Spiceworks\bin\spicetray_silent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-21 23:31 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray32]
--a------ 2003-10-03 18:43 114688 C:\WINDOWS\System32\netdd\registry\mru\dllhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
C:\Program Files\Warez P2P Client\Warez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
c:\program files\zango\zango.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSWebSvr"=2 (0x2)
"SSCollect"=2 (0x2)
"mozybackup"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"dnetc"=2 (0x2)
"dlcx_device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Synergy\\synergys.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"C:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Woopra\\Woopra.exe"=
"C:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 23:48]
R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 18:47]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 23:48]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\RaInfo.sys [2006-07-21 13:15]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2006-04-02 15:20]
R3 Esdpdx01;Esdpdx01;C:\WINDOWS\System32\Drivers\ESDPDX01.SYS [2002-07-02 22:28]
R3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-06-15 12:26]
S3 chyunikb;Cherry Universal PS/2 Keyboard Driver;C:\WINDOWS\system32\DRIVERS\chyunikb.sys [2000-11-16 14:08]
S3 LpBk;RC-X USB Device;C:\WINDOWS\system32\Drivers\RcxUsbA.sys [1999-12-16 18:18]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys [2001-11-09 12:58]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys [2001-11-09 12:58]
S3 USB10T2B;Linksys USB 10Base-T Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\USB10T2B.sys [2001-06-18 14:24]
S3 USBENET;%USBENET.DriverDesc%;C:\WINDOWS\system32\DRIVERS\USB10T2N.SYS [2000-01-11 04:00]
S4 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S4 SSCollect;SmarterStats Service;"C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe" [2007-07-24 13:21]
S4 SSWebSvr;SmarterStats Web Server;"C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe" [2003-07-21 17:32]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 18:09:57 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1E03728-5B7D-4E44-B77D-0F226A858634}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 13:06:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Synergy\synrgyhk.dll
.
Completion time: 2008-05-17 13:14:06
ComboFix-quarantined-files.txt 2008-05-17 18:13:57
ComboFix2.txt 2008-05-17 13:11:52
ComboFix3.txt 2008-05-14 05:07:25

Pre-Run: 9,901,137,920 bytes free
Post-Run: 9,892,462,592 bytes free

376 --- E O F --- 2008-05-17 10:08:55

#8 Markka

  • Members
  • 113 posts

Posted 18 May 2008 - 04:44 AM

Hello :thumbsup:

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows except HijackThis and press Fix checked.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\rqRJDSkJ.dll (file missing)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {31466821-3C42-4E4F-B3F4-8F98061EED73} - C:\WINDOWS\system32\nnnmMEXO.dll (file missing)
O2 - BHO: (no name) - {440476B5-DF56-4578-93B5-69A0BD878281} - C:\WINDOWS\system32\byXQJDtr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {917DEAF8-FB33-4768-8831-E15D5A1A6969} - C:\WINDOWS\system32\iifgGAtr.dll (file missing)
O2 - BHO: (no name) - {BF770AB3-808C-4D31-8D00-3200E679AFAC} - C:\WINDOWS\system32\mlJArspm.dll (file missing)
O2 - BHO: QXK Rhythm - {D2E5FE60-C0CB-4FC5-93D5-9736FA10A01B} - C:\WINDOWS\fvowketqksn.dll (file missing)
O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file)
O3 - Toolbar: pvnsmfor - {EEDEF161-573C-4CC0-83E5-1F4CD35BB459} - C:\WINDOWS\pvnsmfor.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O20 - Winlogon Notify: cabeula - C:\WINDOWS\system32\3COM_DMI\cabeula.dll (file missing)
O20 - Winlogon Notify: cccedadab - C:\WINDOWS\
O20 - Winlogon Notify: DAD - C:\WINDOWS\system32\DAD.dll (file missing)
O20 - Winlogon Notify: rqRJDSkJ - rqRJDSkJ.dll (file missing)
O21 - SSODL: vbksrofa - {18CA2654-0913-4E15-BFBB-20AB862F9F51} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {CE4623C8-43C8-43C8-ABC9-1DFB92CE33AF} - C:\WINDOWS\mpfanvqg.dll (file missing)
O22 - SharedTaskScheduler: style 2 - {0976BE78-EA53-4DD6-91E6-E6175940032B} - (no file)

__________________

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\winpdf.ini
C:\WINDOWS\system32\aalnagjg.dll

Folder::
C:\program files\zango

Registry::
[-HKEY_CLASSES_ROOT\clsid\{eedef161-573c-4cc0-83e5-1f4cd35bb459}]
[-HKEY_CLASSES_ROOT\pvnsmfor.1]
[-HKEY_CLASSES_ROOT\TypeLib\{DC44D3D7-2664-453B-83B8-44F14C048B7E}]
[-HKEY_CLASSES_ROOT\pvnsmfor]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\583545f2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

#9 mathisjr

  • Topic Starter
  • Members
  • 9 posts

Posted 18 May 2008 - 12:26 PM

Hello,

I have followed your last instructions and I have attached the requested log files.


Combofix

ComboFix 08-05-12.1 - Mathis 2008-05-18 12:04:20.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.529 [GMT -5:00]
Running from: C:\Documents and Settings\Mathis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mathis\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\aalnagjg.dll
C:\WINDOWS\SYSTEM32\winpdf.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\SYSTEM32\winpdf.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-17 08:36 . 2008-05-17 12:26 1,262 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-05-17 00:14 . 2008-05-17 20:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-16 23:48 . 2008-05-18 05:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-05-16 23:48 . 2008-05-16 23:48 <DIR> d-------- C:\Program Files\AVG
2008-05-16 23:48 . 2008-05-16 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-16 23:48 . 2008-05-16 23:48 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-16 23:48 . 2008-05-16 23:48 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\BRADDA~2.000
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\BRADDA~1.000
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\Brad.DAD
2008-05-16 23:45 . 2008-05-16 23:48 8,192 --a------ C:\Documents and Settings\Brad
2008-05-16 13:51 . 2008-05-16 14:42 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-15 09:51 . 2008-05-15 09:51 <DIR> d-------- C:\Deckard
2008-05-15 09:31 . 2008-05-15 09:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-05-15 09:31 . 2008-05-15 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 07:04 . 2008-05-14 07:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-14 06:54 . 2008-05-14 06:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 06:54 . 2008-05-14 06:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-13 16:05 . 2008-05-13 16:05 <DIR> d-------- C:\Documents and Settings\Mathis\Application Data\TmpRecentIcons
2008-05-06 13:14 . 2008-05-06 13:14 <DIR> d-------- C:\Program Files\WinHTTrack
2008-05-03 08:10 . 2008-05-03 08:10 <DIR> d-------- C:\Documents and Settings\Mathis\Application Data\eFax Messenger
2008-04-29 20:11 . 2008-02-29 20:11 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-04-29 19:34 . 2008-04-29 19:34 <DIR> d-------- C:\Program Files\Woopra
2008-04-29 19:34 . 2008-04-29 19:35 <DIR> d-------- C:\Documents and Settings\Mathis\Woopra
2008-04-29 19:33 . 2008-04-29 19:33 <DIR> d-------- C:\Program Files\Three Rings Design
2008-04-29 19:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-28 23:02 . 2008-04-28 23:02 <DIR> d-------- C:\Program Files\Excel Extract Data & Text Software
2008-04-21 22:19 . 2008-04-21 22:19 <DIR> d-------- C:\Program Files\Smart PDF Converter
2008-04-21 22:16 . 2008-04-21 22:16 <DIR> d-------- C:\Program Files\Free PDF to Word Doc Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 03:14 --------- d-----w C:\Program Files\dl_Cats
2008-05-16 19:37 --------- d-----w C:\Documents and Settings\Mathis\Application Data\Skype
2008-05-16 18:46 --------- d-----w C:\Documents and Settings\Mathis\Application Data\skypePM
2008-05-14 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 03:19 --------- d-----w C:\Program Files\Lavasoft
2008-05-14 03:19 --------- d-----w C:\Documents and Settings\Mathis\Application Data\Lavasoft
2008-05-03 03:49 3,350 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2008-04-30 00:33 --------- d-----w C:\Program Files\Java
2008-04-27 13:33 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-27 13:33 --------- d-----w C:\Program Files\FlashFXP
2008-04-22 20:10 --------- d-----w C:\Program Files\AnyEdit
2008-04-16 03:15 --------- d-----w C:\Program Files\Citrix
2008-04-12 04:08 --------- d-----w C:\Program Files\Web Text Extractor
2008-04-12 04:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 04:00 --------- d-----w C:\Program Files\Web Scraper Plus+
2008-04-12 03:53 --------- d-----w C:\Program Files\Macromedia
2008-04-12 03:53 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-12 03:29 --------- d-----w C:\Program Files\Evrsoft First Page 2006
2008-04-12 03:29 --------- d-----w C:\Program Files\DB Maker
2008-04-12 03:14 --------- d-----w C:\Program Files\Apperson
2008-04-12 03:13 --------- d-----w C:\Program Files\MSN Games
2008-04-08 02:04 --------- d-----w C:\Program Files\MozyHome
2008-04-04 23:20 --------- d-----w C:\Program Files\PremiumSoft
2008-04-04 22:57 --------- d-----w C:\Program Files\Napster
2008-04-03 14:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
2008-03-25 16:44 --------- d-----w C:\Program Files\PuTTY
2008-03-25 12:58 --------- d-----w C:\Documents and Settings\Mathis\Application Data\SmartFTP
2008-03-25 12:57 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-25 12:56 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-20 16:16 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926
2008-03-20 16:16 --------- d-----w C:\Program Files\Dell
2008-03-20 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-18 03:33 --------- d-----w C:\Documents and Settings\Mathis\Application Data\deskUNPDF
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-27 18:51 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-10 20:01 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-04-09 03:49 100,784 ----a-w C:\Documents and Settings\Mathis\Application Data\GDIPFONTCACHEV1.DAT
2008-02-08 02:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 02:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 02:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 02:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 02:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 02:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 02:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-03-16 22:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 22:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 22:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 17:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 02:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2004-02-25 18:10 3,080 --sha-w C:\WINDOWS\dwin.sys
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-02-09 04:23 56 --sha-r C:\WINDOWS\SYSTEM32\9F8843D2C9.sys
2006-06-12 23:54 8 --sha-r C:\WINDOWS\SYSTEM32\C9D243889F.sys
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2004-08-04 07:56 11,776 --sha-w C:\WINDOWS\SYSTEM32\regsvr32.exe
2005-05-18 02:32 516,881 --sha-w C:\WINDOWS\SYSTEM32\3COM_DMI\aluebac.bak1
2005-05-22 14:49 506,755 --sha-w C:\WINDOWS\SYSTEM32\3COM_DMI\aluebac.bak2
2005-05-22 19:55 508,149 --sha-w C:\WINDOWS\SYSTEM32\3COM_DMI\aluebac.ini2
.

((((((((((((((((((((((((((((( snapshot_2008-05-17_ 8.11.00.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 12:46:20 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-18 14:11:51 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 23:31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 17:44 126976]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 23:48 1177368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-07-21 13:15 11496 C:\WINDOWS\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DllCmd32.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DllCmd32.lnk
backup=C:\WINDOWS\pss\DllCmd32.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.1.lnk
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP LaserJet 3100 Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP LaserJet 3100 Status.lnk
backup=C:\WINDOWS\pss\HP LaserJet 3100 Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp officejet d series) - 1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet d series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet d series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=C:\WINDOWS\pss\MozyHome Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=C:\WINDOWS\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mathis^Start Menu^Programs^Startup^Free WebSite Tools.lnk]
path=C:\Documents and Settings\Mathis\Start Menu\Programs\Startup\Free WebSite Tools.lnk
backup=C:\WINDOWS\pss\Free WebSite Tools.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mathis^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Mathis\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 17:44 679936 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCXCATS]
--a------ 2006-10-16 00:31 106496 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcxmon.exe]
--a------ 2007-01-12 11:57 292336 C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]
--a------ 2005-12-16 18:59 107008 C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
C:\Program Files\Error Nuker\bin\ErrorNuker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallProgram]
C:\DOCUME~1\Mathis\LOCALS~1\Temp\setup_526_1_.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2006-07-21 13:15 303856 C:\Program Files\LogMeIn\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2006-11-03 17:04 304008 C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-04-20 13:24 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 10:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-10-29 18:14 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Converter Registry Controller]
C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFConverterReminder]
C:\PROGRA~1\ScanSoft\PDFCON~1\EReg\EReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spiceworks]
--a------ 2007-09-13 11:40 61440 C:\Program Files\Spiceworks\bin\spicetray_silent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-21 23:31 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray32]
--a------ 2003-10-03 18:43 114688 C:\WINDOWS\System32\netdd\registry\mru\dllhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
C:\Program Files\Warez P2P Client\Warez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSWebSvr"=2 (0x2)
"SSCollect"=2 (0x2)
"mozybackup"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"dnetc"=2 (0x2)
"dlcx_device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Synergy\\synergys.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"C:\\Program Files\\Spiceworks\\bin\\spiceworks.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Woopra\\Woopra.exe"=
"C:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 23:48]
R1 mozyFilter;mozyFilter;C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-01-04 18:47]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 23:48]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\RaInfo.sys [2006-07-21 13:15]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2006-04-02 15:20]
R3 Esdpdx01;Esdpdx01;C:\WINDOWS\System32\Drivers\ESDPDX01.SYS [2002-07-02 22:28]
R3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-06-15 12:26]
S3 chyunikb;Cherry Universal PS/2 Keyboard Driver;C:\WINDOWS\system32\DRIVERS\chyunikb.sys [2000-11-16 14:08]
S3 LpBk;RC-X USB Device;C:\WINDOWS\system32\Drivers\RcxUsbA.sys [1999-12-16 18:18]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys [2001-11-09 12:58]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys [2001-11-09 12:58]
S3 USB10T2B;Linksys USB 10Base-T Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\USB10T2B.sys [2001-06-18 14:24]
S3 USBENET;%USBENET.DriverDesc%;C:\WINDOWS\system32\DRIVERS\USB10T2N.SYS [2000-01-11 04:00]
S4 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 16:48]
S4 SSCollect;SmarterStats Service;"C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe" [2007-07-24 13:21]
S4 SSWebSvr;SmarterStats Web Server;"C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe" [2003-07-21 17:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 19:34:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1E03728-5B7D-4E44-B77D-0F226A858634}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 12:09:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Synergy\synrgyhk.dll
.
Completion time: 2008-05-18 12:19:50
ComboFix-quarantined-files.txt 2008-05-18 17:18:46
ComboFix2.txt 2008-05-17 18:14:07
ComboFix3.txt 2008-05-17 13:11:52
ComboFix4.txt 2008-05-14 05:07:25

Pre-Run: 9,805,955,072 bytes free
Post-Run: 9,786,798,080 bytes free

344 --- E O F --- 2008-05-17 10:08:55


Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:47 PM, on 05/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\mathisjr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126140474211
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.21/ttinst.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.hebphoto.com/common/UserUpload/...icsUploader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe

--
End of file - 15393 bytes

#10 Markka

  • Members
  • 113 posts

Posted 18 May 2008 - 01:17 PM

Hello :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post:
- A fresh HijackThis log
- Logfile of MBAM

#11 mathisjr

  • Topic Starter
  • Members
  • 9 posts

Posted 18 May 2008 - 02:21 PM

Hello,

Here are the logs you requested.

Malwarebytes

Malwarebytes' Anti-Malware 1.12
Database version: 762

Scan type: Quick Scan
Objects scanned: 41859
Time elapsed: 14 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.bgxw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:52 PM, on 05/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\mathisjr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126140474211
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.21/ttinst.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.hebphoto.com/common/UserUpload/...icsUploader.CAB
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe

--
End of file - 15362 bytes

#12 Markka

Posted 19 May 2008 - 09:56 AM

Hello :thumbsup:

Kaspersky online scanner works only with Internet Explorer!

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
          + Extended (if available, otherwise Standard)
      o Scan Options:
          + Scan Archives
          + Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan" select My Computer.
  • The scan will take a while, so be patient and let it run. Once the scan is complete it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
____________

Post:
- A fresh HijackThis log
- Kaspersky's report
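Markka asks for the Kaspersky report to be pasted back. As an added example that is not part of the original thread, here is a small Python triage script for a report in the Kaspersky Online Scanner 5.x text layout (the "Infected Object Name / Virus Name / Last Action" table). It separates real detections from the "not-a-virus:" class (riskware such as remote-administration and password-recovery tools, which may be software the user installed on purpose) and from objects the scanner merely could not open ("Object is locked"), and it reduces archive-member hits to the on-disk file that actually has to be dealt with. The sample report embedded in the script is constructed in that layout; the paths and the user name in it are invented.

```python
"""Triage helper for Kaspersky Online Scanner 5.x text reports.

Added example, not code from the original thread. Parses the
"Infected Object Name / Virus Name / Last Action" table and sorts each
row into: malware, riskware ("not-a-virus:" names), archive summary rows,
locked (unscannable) objects, or unparsed.
"""
import re
from collections import Counter

# One row per scanned member: "<path> Infected: <name> <action>"
_INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
# Archive summary rows: "<path> ZIP: infected - 3 skipped" (also RAR, RarSFX, mail stores)
_CONTAINER = re.compile(r"^(?P<path>.+?) (?P<kind>\S+): infected - (?P<count>\d+) (?P<action>\S+)$")
# Files the scanner could not open (hives, event logs, index.dat ...); not detections.
_LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")

HEADER = "Infected Object Name Virus Name Last Action"
FOOTER = "Scan process completed."

# Constructed sample in the scanner's report layout (paths and user name invented).
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-46fdd70b/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-46fdd70b ZIP: infected - 1 skipped
C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped
C:\Documents and Settings\All Users\Documents\rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\All Users\Documents\rockxp.exe RarSFX: infected - 5 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
Scan process completed.
"""


def classify_name(name):
    """Split a Kaspersky name into (category, behaviour, platform, family, variant).

    "not-a-virus:" marks riskware/PUA; everything else is treated as malware.
    """
    category = "malware"
    if name.startswith("not-a-virus:"):
        category = "riskware"
        name = name[len("not-a-virus:"):]
    parts = name.split(".")
    parts += [""] * (4 - len(parts))  # pad names with fewer than four components
    behaviour, platform, family, variant = parts[:4]
    return category, behaviour, platform, family, variant


def on_disk_path(path):
    """The file that exists on disk: the scanner joins archive members with '/'."""
    return path.split("/", 1)[0]


def parse_report(text):
    """Sort every row of the report into a bucket; unknown rows are kept, not dropped."""
    result = {"malware": [], "riskware": [], "containers": [], "locked": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == HEADER or line == FOOTER:
            continue
        m = _INFECTED.match(line)
        if m:
            category = classify_name(m.group("name"))[0]
            result[category].append((m.group("path"), m.group("name"), m.group("action")))
            continue
        m = _CONTAINER.match(line)
        if m:
            result["containers"].append((m.group("path"), m.group("kind"), int(m.group("count"))))
            continue
        m = _LOCKED.match(line)
        if m:
            result["locked"].append(m.group("path"))
            continue
        result["unparsed"].append(line)
    return result


def summarize(result):
    """Count malware detections by family and list the distinct on-disk files to act on."""
    families = Counter(classify_name(name)[3] for _, name, _ in result["malware"])
    files = sorted({on_disk_path(p) for p, _, _ in result["malware"]})
    return families, files


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    families, files = summarize(report)
    print("malware families:", dict(families))
    print("files to act on:", *files, sep="\n  ")
    print("riskware (review, may be legitimate tools):", len(report["riskware"]))
    print("locked objects (not findings):", len(report["locked"]))
```

The "Object is locked" rows on registry hives, event logs, index.dat files and antivirus logs are normal for a scan of a running system and are not findings. A "not-a-virus:" hit on a program the user installed deliberately is a judgment call for the helper rather than an automatic removal, whereas Exploit and Trojan names inside the Java deployment cache are the rows worth acting on.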

#13 mathisjr

Topic Starter

Posted 20 May 2008 - 08:17 PM

Hello and thank you again for the advice. Here are the log files requested.

Kaspersky

KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 20, 2008 7:55:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 788306


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 211848
Number of viruses found 9
Number of infected objects 50
Number of suspicious objects 0
Duration of the scan process 05:21:58

Infected Object Name Virus Name Last Action
C:\526a4f20388087a7a1798a\SP2QFE\acadproc.dll Object is locked skipped

C:\526a4f20388087a7a1798a\SP2QFE\apphelp.sdb Object is locked skipped

C:\526a4f20388087a7a1798a\SP2QFE\apph_sp.sdb Object is locked skipped

C:\526a4f20388087a7a1798a\SP2QFE\sysmain.sdb Object is locked skipped

C:\526a4f20388087a7a1798a\spmsg.dll Object is locked skipped

C:\526a4f20388087a7a1798a\spuninst.exe Object is locked skipped

C:\526a4f20388087a7a1798a\update\branches.inf Object is locked skipped

C:\526a4f20388087a7a1798a\update\eula.txt Object is locked skipped

C:\526a4f20388087a7a1798a\update\KB926239.CAT Object is locked skipped

C:\526a4f20388087a7a1798a\update\spcustom.dll Object is locked skipped

C:\526a4f20388087a7a1798a\update\update.exe Object is locked skipped

C:\526a4f20388087a7a1798a\update\update.ver Object is locked skipped

C:\526a4f20388087a7a1798a\update\updatebr.inf Object is locked skipped

C:\526a4f20388087a7a1798a\update\update_SP2QFE.inf Object is locked skipped

C:\526a4f20388087a7a1798a\update\updspapi.dll Object is locked skipped

C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.Crwl Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.ci Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wsb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy80.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy81.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf4.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_580.dat Object is locked skipped

C:\Documents and Settings\All Users\Documents\rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\All Users\Documents\rockxp.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\All Users\Documents\rockxp.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\All Users\Documents\rockxp.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\All Users\Documents\rockxp.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\All Users\Documents\rockxp.exe RarSFX: infected - 5 skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\cert8.db Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\history.dat Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\key3.db Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\parent.lock Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-41328f65/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-41328f65/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-41328f65/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-41328f65 ZIP: infected - 3 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\34\4e8812a2-6a7c88f2 Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-46fdd70b/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-46fdd70b ZIP: infected - 1 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-50c771fb/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-50c771fb ZIP: infected - 1 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-593ebb39-4e1cd656.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7246bdf3.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7246bdf3.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-24ae3996.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-24ae3996.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mathis\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mathis\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mathis\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mathis\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst MailMSMaill: infected - 6 skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\63329BDCd01/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\63329BDCd01 RAR: infected - 1 skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temp\~DF138F.tmp Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temp\~DF13F5.tmp Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temp\~DF1D8.tmp Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temp\~DF3FA6.tmp Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mathis\My Documents\Boosters\2008\Committees.xls Object is locked skipped

C:\Documents and Settings\Mathis\My Documents\JDLB Companies, LLC\FlyRecipes.com\Business Files\BOJ Development\Filtering for Flies.xls Object is locked skipped

C:\Documents and Settings\Mathis\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mathis\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_754.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\LogMeIn\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped

C:\Program Files\LogMeIn\update\2-30-523.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-523.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-537.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped

C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-547.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-547.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_114.trc Object is locked skipped

C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\MozyHome\Config\conf.dat Object is locked skipped

C:\Program Files\MozyHome\Data\mozy.log Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0042291.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0042293.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP421\A0044084.dll Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP430\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\WINDOWS\SYSTEM32\LMIinit.dll.000.bak Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:30 PM, on 05/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
C:\Program Files\Bradbury\TopStyle3\TopStyle3_.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Trend Micro\HijackThis\mathisjr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126140474211
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.21/ttinst.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.hebphoto.com/common/UserUpload/...icsUploader.CAB
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe

--
End of file - 15784 bytes
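
An added example (not part of this post or of HijackThis itself): HijackThis only lists the hooks it finds, and deciding which ones matter is manual work. The script below parses the `Rx`/`Oxx` line format of the log above and flags the entry classes a reviewer checks first: a configured browser proxy, explicit DNS servers, `AppInit_DLLs`, `O16` ActiveX controls fetched from a bare IP address, services whose binary carries no company name, and dangling `(file missing)` references. The sample lines are constructed to mirror entries in the log above, and the flag rules are this example's own assumptions; a flag means "confirm", not "malicious".

```python
"""Pick out the HijackThis entries worth a second look (added example)."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample lines modelled on the HijackThis log posted in the thread.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
"""

# Every HijackThis entry starts with a section code ("R1", "O16", ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Return a list of (code, body) tuples, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def flag(code, body):
    """Return a short reason if this entry deserves a look, else None.

    These rules are the example's assumptions about what a reviewer checks
    first; they do not come from HijackThis, which assigns no verdicts."""
    if code == "R1" and "ProxyServer" in body:
        return "browser proxy is set; confirm the owner configured it"
    if code == "O17" and "NameServer" in body:
        return "explicit DNS servers; verify they are the intended resolver"
    if code == "O20" and "AppInit_DLLs" in body:
        return "DLL loaded into every process that loads user32.dll; verify the vendor"
    if code == "O16":
        # The download URL is the last " - "-separated field of a DPF line.
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            return None  # ordinary hostname: no flag on its own
        return "ActiveX control fetched from a bare IP address"
    if body.endswith("(file missing)"):
        return "dangling reference; the target no longer exists"
    if code == "O23" and "Unknown owner" in body:
        return "service binary carries no company name in its version info; verify it"
    return None


def review(text):
    """Return [(code, reason, body)] for every flagged entry, in log order."""
    flagged = []
    for code, body in parse_hjt(text):
        reason = flag(code, body)
        if reason:
            flagged.append((code, reason, body))
    return flagged


if __name__ == "__main__":
    for code, reason, body in review(SAMPLE_HJT):
        print(f"{code}: {reason}\n    {body}")
```

Run against the full log, the same rules surface the `127.0.0.1:8080` proxy entry, the `O17` resolvers, AVG's `avgrsstx.dll` in `AppInit_DLLs`, the `216.249.24.141` DPF control and the missing `mnyviewer.dll`; each is a question for the machine's owner, and several (the AVG DLL, the Windows Update control) have benign answers.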

#14 Markka

Markka

  • Members
  • 113 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 21 May 2008 - 08:17 AM

Hello :thumbsup:

Delete these files:

C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\Documents and Settings\All Users\Documents\rockxp.exe
_______________

Please clear Sun Java Runtime Environment (JRE) Cache.
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • Select the General Tab
  • Click Settings under Temporary Internet Files
  • Click Delete Files.
  • Place a check next to Applications and Applets and Trace and Log Files
  • Click OK
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Close the Java Control Panel
_______________

Disable System Restore:
  • Right-click on the My Computer icon
  • Choose Properties
  • Click on the System Restore tab
  • Select Turn off System Restore
  • Click Apply and click OK
  • Reboot!
Enable System Restore:
  • Right-click on the My Computer icon
  • Choose Properties
  • Click on the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply and click OK
  • Reboot!
________________

Re-run with Kaspersky online scanner!

Post:
- A fresh HijackThis log
- Kaspersky's report
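
An added example that is not part of this reply or of the Kaspersky scanner: it ties the report posted earlier in the thread to the steps above. Every line in that report ends in `skipped`, because the online scanner only reports; the reply has to turn each hit into a manual step. The script below parses the report's line format, separates locked system files (registry hives, event logs, index files the OS holds open, which are not detections) from `not-a-virus:` riskware that needs a human judgement and from real malware verdicts, and maps each hit to the step the reply prescribes for that location: Java deployment cache hits to clearing the JRE cache, `System Volume Information\_restore` hits to purging restore points, remote-admin tools such as LogMeIn to a check that the owner installed them. The sample lines are constructed from shortened entries in the thread's log, and the mapping rules are this example's assumptions.

```python
"""Triage a Kaspersky Online Scanner report into noise, riskware and malware
and attach the manual remediation for each hit (added example)."""
import re
from collections import defaultdict

# Constructed sample lines in the scanner's own format, shortened from the thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP415\A0042291.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7246bdf3.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7246bdf3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\rockxp.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Program Files\LogMeIn\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst MailMSMaill: infected - 6 skipped
"""

# Three line shapes: "<path> Infected: <verdict> skipped",
# "<path> Object is locked skipped", and the archive roll-up
# "<path> <TYPE>: infected - <n> skipped".
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r" skipped$"
)


def parse_report(text):
    """Yield (category, path, verdict) per line; category is 'locked',
    'malware', 'riskware', 'container' or 'unparsed'."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            yield ("unparsed", line, None)
        elif m.group("locked"):
            yield ("locked", m.group("path"), None)
        elif m.group("container"):
            # Roll-up of members already reported individually; no action of its own.
            yield ("container", m.group("path"),
                   f"{m.group('container')}: {m.group('count')} infected member(s)")
        else:
            verdict = m.group("verdict")
            cat = "riskware" if verdict.startswith("not-a-virus:") else "malware"
            yield (cat, m.group("path"), verdict)


def remediation(path, verdict):
    """Map a hit to the manual step the reply above prescribes for that
    location. Assumed rules; the online scanner itself removes nothing."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "purge restore points: turn System Restore off, reboot, turn it back on"
    if "\\sun\\java\\deployment\\cache\\" in low:
        return "clear the JRE cache from the Java Control Panel"
    if ".pst/" in low:
        return "inside an Outlook mail store: remove the message or attachment, not the .pst"
    if verdict.startswith("not-a-virus:RemoteAdmin."):
        return "remote-admin tool: keep only if the owner knowingly installed it"
    if verdict.startswith("not-a-virus:"):
        return "riskware: delete unless the owner needs this tool"
    return "delete the file, then rescan"


def triage(text):
    """Group parsed lines by category: {category: [(path, verdict, action)]}."""
    groups = defaultdict(list)
    for cat, path, verdict in parse_report(text):
        action = remediation(path, verdict) if cat in ("malware", "riskware") else None
        groups[cat].append((path, verdict, action))
    return dict(groups)


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for cat in ("malware", "riskware", "container", "locked", "unparsed"):
        print(f"== {cat} ({len(result.get(cat, []))})")
        for path, verdict, action in result.get(cat, []):
            print(f"  {path}\n    {verdict or ''}{' -> ' + action if action else ''}")
```

On the full report this puts the `Exploit.Java.Gimsh.b` and `Trojan-Downloader.Java.OpenStream.y` hits in the Java cache (the likely delivery path for the rogue-AV popups), the `Trymedia` adware in restore points, and the LogMeIn and SmitfraudFix components in the riskware bucket, which is the same split the reply above acts on.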

#15 mathisjr

mathisjr
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 21 May 2008 - 10:09 PM

Hi, I have done as requested. Here are the log files.

Kaspersky

KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 21, 2008 10:05:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/05/2008
Kaspersky Anti-Virus database records: 791182


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 202694
Number of viruses found 7
Number of infected objects 32
Number of suspicious objects 0
Duration of the scan process 04:49:36

Infected Object Name Virus Name Last Action
C:\526a4f20388087a7a1798a\SP2QFE\acadproc.dll Object is locked skipped

C:\526a4f20388087a7a1798a\SP2QFE\apphelp.sdb Object is locked skipped

C:\526a4f20388087a7a1798a\SP2QFE\apph_sp.sdb Object is locked skipped

C:\526a4f20388087a7a1798a\SP2QFE\sysmain.sdb Object is locked skipped

C:\526a4f20388087a7a1798a\spmsg.dll Object is locked skipped

C:\526a4f20388087a7a1798a\spuninst.exe Object is locked skipped

C:\526a4f20388087a7a1798a\update\branches.inf Object is locked skipped

C:\526a4f20388087a7a1798a\update\eula.txt Object is locked skipped

C:\526a4f20388087a7a1798a\update\KB926239.CAT Object is locked skipped

C:\526a4f20388087a7a1798a\update\spcustom.dll Object is locked skipped

C:\526a4f20388087a7a1798a\update\update.exe Object is locked skipped

C:\526a4f20388087a7a1798a\update\update.ver Object is locked skipped

C:\526a4f20388087a7a1798a\update\updatebr.inf Object is locked skipped

C:\526a4f20388087a7a1798a\update\update_SP2QFE.inf Object is locked skipped

C:\526a4f20388087a7a1798a\update\updspapi.dll Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.6.Crwl Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.6.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wsb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy115.gthr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_7a0.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-593ebb39-4e1cd656.class Infected: Trojan-Downloader.Java.OpenStream.y skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ehp2_stdneh.jar-42e05065-43e6c606.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7246bdf3.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-7246bdf3.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-24ae3996.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Mathis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-24ae3996.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mathis\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mathis\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mathis\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mathis\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/05 Mar 2006 03:26 to 'Joe_Mathis@Dell.com':/rockxp.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst MailMSMaill: infected - 6 skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\63329BDCd01/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mathis\Local Settings\Application Data\Mozilla\Firefox\Profiles\9q12hgil.default\Cache\63329BDCd01 RAR: infected - 1 skipped

C:\Documents and Settings\Mathis\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\History\History.IE5\MSHist012008052120080522\index.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Mathis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mathis\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mathis\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_684.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\LogMeIn\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped

C:\Program Files\LogMeIn\update\2-30-523.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-523.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-537.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped

C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-547.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\Program Files\LogMeIn\update\2-30-547.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.c skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_117.trc Object is locked skipped

C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Program Files\MozyHome\Config\conf.dat Object is locked skipped

C:\Program Files\MozyHome\Data\manifest.dat Object is locked skipped

C:\Program Files\MozyHome\Data\mozy.log Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\WINDOWS\SYSTEM32\LMIinit.dll.000.bak Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:41 PM, on 05/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synergy\synergys.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Bradbury\TopStyle3\TopStyle3_.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\mathisjr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100132368605
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126140474211
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite22/fvlite.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.iwantdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.broderbund.com/IFW/Cabs/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.21/ttinst.cab
O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - http://download.verizon.net/sfp/Cabs/max_u...pdate_1-0-0.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DADE1C2F-5A48-445C-82B5-3A5F102E84DF} (LifePicsUploader.UserControl1) - http://www.hebphoto.com/common/UserUpload/...icsUploader.CAB
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://stores.homestead.com/storeadmin/uti...es/pssbedit.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify214.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB0CFC1-C2FB-424B-A45E-6A4D1F47FC1D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe

--
End of file - 15686 bytes



