Popups From C5.zedo.com And Cannot Remove



#1 bluedawncamel

Posted 17 June 2008 - 12:29 AM

I have run several scans and tried to remove this. Please help. I have attached Deckard's scans.



#2 miekiemoes

Posted 17 June 2008 - 02:46 PM

Hi,

Please do not attach your logs, but copy and paste them in the thread instead.

Please uninstall the following programs via add/remove:

CPV
Internet Speed Monitor
Svconr

Reboot afterwards.

After reboot:

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 bluedawncamel

Posted 18 June 2008 - 01:07 PM

It may take me a few days to get this accomplished. I appreciate your quick response. I will follow up. Thanks.

#4 miekiemoes

Posted 18 June 2008 - 01:23 PM

Ok, just don't wait too long with this, because malware installs more malware all the time and it damages a LOT.

#5 bluedawncamel

Posted 23 June 2008 - 10:41 PM

Okay, I removed the programs and ran per instructions. I thought I disabled all of the anti-v etc., and then my computer did restart in XP Home Edition (I have to use the PF keys to maneuver through startup). Anyway, some of the programs came up in autostart, so I am hoping I didn't mess this up. After prompt, do I restart in recovery console mode or XP? I appreciate your help. I have way too many things starting up automatically.
ComboFix 08-06-16.5 - Tina 2008-06-23 21:02:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -6:00]
Running from: C:\Documents and Settings\Tina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tina\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\Spcron
C:\WINDOWS\17PHolmes2073.exe
C:\WINDOWS\Config\csrss.exe
C:\WINDOWS\mrofinu2050.exe.tmp
C:\WINDOWS\mrofinu2073.exe.tmp
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\version69ie7fix.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-21 04:47 . 2008-06-21 04:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-20 06:45 . 2008-06-20 06:45 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-17 23:35 . 2008-06-21 17:09 <DIR> d-------- C:\Program Files\Vcsron
2008-06-16 22:45 . 2008-06-16 22:45 <DIR> d-------- C:\Deckard
2008-06-16 20:58 . 2008-06-16 20:58 <DIR> d-------- C:\VundoFix Backups
2008-06-16 19:59 . 2008-06-23 19:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-16 19:59 . 2008-06-16 19:59 <DIR> d-------- C:\Documents and Settings\Tina\Application Data\PC Tools
2008-06-16 19:59 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-16 19:59 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-16 19:59 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-16 19:59 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-16 19:57 . 2008-06-23 03:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 18:49 . 2008-06-16 18:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-14 21:01 . 2008-06-14 21:01 <DIR> d-------- C:\Program Files\Safari
2008-06-14 14:14 . 2008-06-14 14:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-14 12:49 . 2008-06-14 12:48 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-14 12:49 . 2008-06-14 12:49 2,545 --a------ C:\WINDOWS\unins000.dat
2008-06-14 12:40 . 2008-06-14 17:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-14 12:40 . 2008-06-14 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-14 05:51 . 2008-06-14 07:21 <DIR> d-------- C:\Program Files\mjc
2008-06-13 08:52 . 2008-06-13 05:52 214,016 --------- C:\WINDOWS\b148.exe_old
2008-06-11 01:23 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:23 . 2008-06-13 07:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 16:45 . 2008-06-05 16:45 <DIR> d-------- C:\Microgaming
2008-06-05 15:11 . 2008-06-05 15:12 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-30 08:40 . 2008-05-30 05:40 542,208 --------- C:\WINDOWS\b159.exe_old

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 02:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 16:44 --------- d-----w C:\Program Files\PokerStars
2008-06-21 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 04:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-17 04:32 --------- d-----w C:\Program Files\Google
2008-06-17 03:59 --------- d-----w C:\Program Files\Java
2008-06-15 18:36 --------- d-----w C:\Documents and Settings\Tina\Application Data\Apple Computer
2008-06-15 18:28 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 03:14 --------- d-----w C:\Program Files\Warcraft III
2008-06-15 03:13 --------- d-----w C:\Program Files\Legend Of Ares
2008-06-15 03:11 --------- d-----w C:\Program Files\MySpace
2008-06-15 03:10 --------- d--h--r C:\Documents and Settings\Tina\Application Data\yahoo!
2008-06-15 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-06 23:43 --------- d-----w C:\Documents and Settings\Tina\Application Data\Microgaming
2008-06-05 21:24 --------- d-----w C:\Program Files\QuickTime
2008-05-30 22:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-30 22:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-30 22:09 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-30 22:09 --------- d-----w C:\Program Files\Symantec
2008-05-26 07:59 --------- d-----w C:\Program Files\Full Tilt Poker
2008-05-18 07:30 --------- d-----w C:\Program Files\Ventrilo
2008-05-18 07:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-04 08:13 --------- d-----w C:\Program Files\InnerSpace
2008-05-04 08:08 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-04 08:08 --------- d-----w C:\Program Files\MSBuild
2008-05-04 08:06 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-03 16:46 --------- d-----w C:\Program Files\LimeWire
2007-05-09 02:46 374 ----a-w C:\Documents and Settings\Tina\Application Data\internaldb6334.dat
2007-05-09 02:46 18,432 ----a-w C:\Documents and Settings\Tina\Application Data\internaldb41.dat
2007-05-09 02:45 538 ----a-w C:\Documents and Settings\Tina\Application Data\internaldb8467.dat
2007-04-07 02:36 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
2006-11-24 18:46 56 --sh--r C:\WINDOWS\system32\4DBD426A73.sys
2006-11-24 18:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBowlingSetup.exe"="C:\DOWNLO~1\SSBOWL~1.exe" [ ]
"Antwar_Setup.exe"="C:\DOWNLO~1\ANTWAR~1.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 14:21 3461120]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-14 05:51 145408]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"@"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2004-06-17 12:12 409664]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2004-05-24 15:59 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57 57344]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 17\Remind.exe [2006-02-22 12:45:54 344064]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-06-17 12:14 180290 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6119:UDP"= 6119:UDP:wacraft
"6112:TCP"= 6112:TCP:wacraft

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20:01]
S3 XDva008;XDva008;C:\WINDOWS\system32\XDva008.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 02:59:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-24 03:03:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 02:00:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tina.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 21:08:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-06-23 21:14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 03:14:21

Pre-Run: 89,447,583,744 bytes free
Post-Run: 90,494,631,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

217 --- E O F --- 2008-06-20 09:00:51

#6 miekiemoes

Posted 24 June 2008 - 12:08 AM

Hi,

after prompt, Do I restart in recovery console mode or XP?

No, just let it reboot as usual.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\b148.exe_old
C:\WINDOWS\b159.exe_old
Folder::
C:\Program Files\mjc
C:\VundoFix Backups
Driver::
XDva008
XDva030
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBowlingSetup.exe"=-
"Antwar_Setup.exe"=-
"mjc"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=-


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
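One way to confirm from a follow-up log that the items named in a CFScript like the one above are no longer listed (an added example, not part of the original post and not ComboFix's own code). It reads only the directive forms visible in that post (`File::`, `Folder::`, `Driver::`, and `Registry::` with `[-key]` and `"name"=-`); the function names and the constructed follow-up excerpt are assumptions.

```python
import re

# Abridged from the CFScript in the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\b148.exe_old
Folder::
C:\Program Files\mjc
Driver::
XDva008
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mjc"=-
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=-
"""

# Lines excerpted from the first ComboFix log posted in this thread.
LOG_BEFORE = r"""
2008-06-14 05:51 . 2008-06-14 07:21 <DIR> d-------- C:\Program Files\mjc
2008-06-13 08:52 . 2008-06-13 05:52 214,016 --------- C:\WINDOWS\b148.exe_old
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-14 05:51 145408]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
S3 XDva008;XDva008;C:\WINDOWS\system32\XDva008.sys []
"""

# Constructed follow-up excerpt in which none of the targeted items appear.
LOG_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20:01]
"""

def parse_cfscript(text):
    """Return (kind, registry_key, name) for every removal directive."""
    targets, section, key = [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        head = re.fullmatch(r"(\w+)::", line)
        if head:
            section, key = head.group(1).lower(), None
        elif section in ("file", "folder", "driver"):
            targets.append((section, None, line))
        elif section == "registry" and line.startswith("[-"):
            targets.append(("regkey", None, line[2:-1]))   # [-key] deletes a key
            key = None
        elif section == "registry" and line.startswith("["):
            key = line[1:-1]
        elif key and re.fullmatch(r'"[^"]+"=-', line):
            targets.append(("regvalue", key, line[1:-3]))  # "name"=- deletes a value
    return targets

def index_log(text):
    """Index the paths, drivers, registry keys and values a log still lists."""
    seen = {"path": set(), "driver": set(), "regkey": set(), "regvalue": set()}
    key = None
    for line in map(str.strip, text.splitlines()):
        value = re.match(r'"([^"]+)"=', line)
        driver = re.match(r"[RS]\d (\w+);", line)
        path = re.search(r"[A-Za-z]:\\.+$", line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            seen["regkey"].add(key)
        elif value:
            if key:
                seen["regvalue"].add((key, value.group(1).lower()))
        elif driver:
            seen["driver"].add(driver.group(1).lower())
        elif path:
            seen["path"].add(path.group(0).lower())
    return seen

def leftovers(script_text, log_text):
    """List the script's targets that the given log still shows."""
    seen, remaining = index_log(log_text), []
    for kind, key, name in parse_cfscript(script_text):
        if kind == "regvalue":
            hit = (key.lower(), name.lower()) in seen["regvalue"]
        else:
            bucket = "path" if kind in ("file", "folder") else kind
            hit = name.lower() in seen[bucket]
        if hit:
            remaining.append((kind, name))
    return remaining

if __name__ == "__main__":
    print("still listed before:", leftovers(CFSCRIPT, LOG_BEFORE))
    print("still listed after: ", leftovers(CFSCRIPT, LOG_AFTER))
```

An empty result only means the log no longer lists the target: the "Files Created" section covers a date window, so a file missing from it is not proof that the file was deleted.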

#7 bluedawncamel

Posted 25 June 2008 - 09:57 PM

Here is the ComboFix log and HijackThis log. Thank you.
ComboFix 08-06-16.5 - Tina 2008-06-25 20:28:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.594 [GMT -6:00]
Running from: C:\Documents and Settings\Tina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tina\Desktop\CFScript.txt.lnk
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-21 04:47 . 2008-06-21 04:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-20 06:45 . 2008-06-20 06:45 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-17 23:35 . 2008-06-21 17:09 <DIR> d-------- C:\Program Files\Vcsron
2008-06-16 22:45 . 2008-06-16 22:45 <DIR> d-------- C:\Deckard
2008-06-16 19:57 . 2008-06-25 05:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 18:49 . 2008-06-16 18:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-14 21:01 . 2008-06-14 21:01 <DIR> d-------- C:\Program Files\Safari
2008-06-14 14:14 . 2008-06-14 14:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-14 12:40 . 2008-06-25 20:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-14 12:40 . 2008-06-25 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 01:23 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:23 . 2008-06-13 07:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 16:45 . 2008-06-05 16:45 <DIR> d-------- C:\Microgaming
2008-06-05 15:11 . 2008-06-05 15:12 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 02:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-26 02:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 07:18 --------- d-----w C:\Program Files\PokerStars
2008-06-21 09:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 04:32 --------- d-----w C:\Program Files\Google
2008-06-17 03:59 --------- d-----w C:\Program Files\Java
2008-06-15 18:36 --------- d-----w C:\Documents and Settings\Tina\Application Data\Apple Computer
2008-06-15 18:28 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 03:14 --------- d-----w C:\Program Files\Warcraft III
2008-06-15 03:13 --------- d-----w C:\Program Files\Legend Of Ares
2008-06-15 03:11 --------- d-----w C:\Program Files\MySpace
2008-06-15 03:10 --------- d--h--r C:\Documents and Settings\Tina\Application Data\yahoo!
2008-06-15 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-06 23:43 --------- d-----w C:\Documents and Settings\Tina\Application Data\Microgaming
2008-06-05 21:24 --------- d-----w C:\Program Files\QuickTime
2008-05-30 22:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-30 22:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-30 22:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-30 22:09 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-30 22:09 --------- d-----w C:\Program Files\Symantec
2008-05-26 07:59 --------- d-----w C:\Program Files\Full Tilt Poker
2008-05-18 07:30 --------- d-----w C:\Program Files\Ventrilo
2008-05-18 07:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 08:13 --------- d-----w C:\Program Files\InnerSpace
2008-05-04 08:08 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-04 08:08 --------- d-----w C:\Program Files\MSBuild
2008-05-04 08:06 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-03 16:46 --------- d-----w C:\Program Files\LimeWire
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-05-09 02:46 374 ----a-w C:\Documents and Settings\Tina\Application Data\internaldb6334.dat
2007-05-09 02:46 18,432 ----a-w C:\Documents and Settings\Tina\Application Data\internaldb41.dat
2007-05-09 02:45 538 ----a-w C:\Documents and Settings\Tina\Application Data\internaldb8467.dat
2007-04-07 02:36 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
2006-11-24 18:46 56 --sh--r C:\WINDOWS\system32\4DBD426A73.sys
2006-11-24 18:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_20.17.54.80 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 02:11:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 02:25:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 14:21 3461120]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2004-06-17 12:12 409664]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2004-05-24 15:59 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57 57344]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 17\Remind.exe [2006-02-22 12:45:54 344064]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2004-06-17 12:14 180290 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6119:UDP"= 6119:UDP:wacraft
"6112:TCP"= 6112:TCP:wacraft

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-22 20:01]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 02:59:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 02:03:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 02:00:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Tina.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 20:31:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 20:34:15
ComboFix-quarantined-files.txt 2008-06-26 02:34:11
ComboFix2.txt 2008-06-26 02:18:15
ComboFix3.txt 2008-06-24 03:14:29

Pre-Run: 90,398,814,208 bytes free
Post-Run: 90,386,059,264 bytes free

149 --- E O F --- 2008-06-20 09:00:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:57 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Tina\LOCALS~1\Temp\Rar$EX01.969\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Magic Holdem.lnk = C:\Program Files\Magic Holdem\MagicHoldem.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 17\Remind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11575 bytes

#8 miekiemoes

Posted 26 June 2008 - 12:10 AM

Hi,

This looks OK again.

Check and fix the following orphaned entries in HijackThis:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

* Go to Start > Run and copy and paste the following command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
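
The orphaned-entry check from the reply above, as an added example that is not part of the original post or of HijackThis itself: a small Python parser that flags log entries HijackThis marked `(no file)` or `(file missing)`. The function names and `SAMPLE_LOG` are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Markers HijackThis appends when the file an entry points to is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Section code (R0, O2, O23 ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Split one log line into section, CLSID and body; None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # running-process paths, blank lines, headers
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    marker = next((mk for mk in ORPHAN_MARKERS if body.endswith(mk)), None)
    return {
        "section": m.group("section"),
        "clsid": clsid.group(0) if clsid else None,
        "orphan_marker": marker,
        "body": body,
    }


def find_orphans(log_text):
    """Return parsed entries whose target file HijackThis reported as absent."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["orphan_marker"]]


# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\explorer.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
"""

if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(e["section"], e["clsid"], e["orphan_marker"])
```

A flagged entry is only a leftover registry reference; whether to fix it is still a judgement made per entry, as in the reply above.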

#9 miekiemoes

Posted 04 July 2008 - 07:27 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



